aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/Fit123/bin/afc/reset_states.sh2
-rw-r--r--config/Fit123/bin/code-red/all.css1178
-rw-r--r--config/Fit123/bin/code-red/background.gifbin112090 -> 0 bytes
-rw-r--r--config/Fit123/bin/code-red/footer.pngbin23360 -> 0 bytes
-rw-r--r--config/Fit123/bin/code-red/header.pngbin31124 -> 0 bytes
-rw-r--r--config/Fit123/bin/cpaddon/filter.inc3329
-rwxr-xr-xconfig/Fit123/bin/cpaddon/services_captiveportal.abc608
-rw-r--r--config/Fit123/fit123.inc41
-rw-r--r--config/Fit123/fit123.xml16
-rw-r--r--config/autoconfigbackup/autoconfigbackup.php6
-rw-r--r--config/backup/backup.tmp2
-rw-r--r--config/dashboard/dashboard.inc36
-rw-r--r--config/dashboard/dashboard.xml7
-rw-r--r--config/freeswitch/call_forward_has_been_deleted.wavbin0 -> 28668 bytes
-rw-r--r--config/freeswitch/call_forward_has_been_set.wavbin0 -> 30976 bytes
-rw-r--r--config/freeswitch/disa.js78
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch.inc1231
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch.xml279
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_cmd.tmp4
-rw-r--r--config/freeswitch/freeswitch_dialplan.tmp163
-rwxr-xr-xconfig/freeswitch/freeswitch_dialplan.xml136
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_dialplan_includes.tmp137
-rwxr-xr-xconfig/freeswitch/freeswitch_dialplan_includes_details.tmp10
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp111
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_dialplan_includes_edit.tmp194
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_extensions.tmp84
-rwxr-xr-xconfig/freeswitch/freeswitch_extensions.xml225
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_extensions_edit.tmp96
-rwxr-xr-xconfig/freeswitch/freeswitch_external.xml136
-rw-r--r--config/freeswitch/freeswitch_features.tmp187
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_gateways.tmp88
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_gateways_edit.tmp211
-rwxr-xr-xconfig/freeswitch/freeswitch_internal.xml136
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_ivr.tmp87
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_ivr_edit.tmp162
-rwxr-xr-xconfig/freeswitch/freeswitch_ivr_options.tmp10
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_ivr_options_edit.tmp61
-rwxr-xr-xconfig/freeswitch/freeswitch_mailto.tmp88
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_modules.xml35
-rw-r--r--config/freeswitch/freeswitch_profile_edit.tmp143
-rw-r--r--config/freeswitch/freeswitch_profiles.tmp224
-rw-r--r--config/freeswitch/freeswitch_public.tmp162
-rwxr-xr-xconfig/freeswitch/freeswitch_public.xml135
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_public_includes.tmp109
-rwxr-xr-xconfig/freeswitch/freeswitch_public_includes_details.tmp10
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_public_includes_details_edit.tmp126
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_public_includes_edit.tmp188
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_recordings.tmp155
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_recordings_edit.tmp52
-rwxr-xr-xconfig/freeswitch/freeswitch_recordings_play.tmp27
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_status.tmp202
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_time_conditions.tmp41
-rw-r--r--[-rwxr-xr-x]config/freeswitch/freeswitch_time_conditions_edit.tmp58
-rw-r--r--config/freeswitch/freeswitch_vars.tmp162
-rwxr-xr-xconfig/freeswitch/freeswitch_vars.xml136
-rwxr-xr-xconfig/freeswitch/mod_fax.so.1bin80741 -> 0 bytes
-rwxr-xr-xconfig/freeswitch/mod_shout.so.1bin2147544 -> 0 bytes
-rw-r--r--config/freeswitch/please_enter_the_extension_number.wavbin0 -> 32360 bytes
-rw-r--r--config/freeswitch/please_enter_the_phone_number.wavbin0 -> 26552 bytes
-rw-r--r--config/freeswitch/please_enter_the_pin_number.wavbin0 -> 27504 bytes
-rw-r--r--config/havp/havp.inc1510
-rw-r--r--config/havp/havp.xml258
-rw-r--r--config/havp/havp_avset.xml105
-rw-r--r--config/havp/havp_fscan.xml72
-rw-r--r--config/igmpproxy/filter.tmp3312
-rwxr-xr-xconfig/igmpproxy/firewall_rules_edit.tmp879
-rw-r--r--config/igmpproxy/igmpproxy.inc86
-rw-r--r--config/igmpproxy/igmpproxy.xml160
-rw-r--r--config/nrpe2/nrpe2.inc188
-rw-r--r--config/nrpe2/nrpe2.xml166
-rw-r--r--config/nut/nut.inc7
-rw-r--r--config/nut/nut.xml5
-rw-r--r--config/openbgpd/openbgpd.inc6
-rw-r--r--config/openbgpd/openbgpd.xml5
-rw-r--r--config/openbgpd/openbgpd_neighbors.xml12
-rw-r--r--config/openbgpd/openbgpd_status.php2
-rw-r--r--config/ovpnenhance/openvpn.inc_tls668
-rw-r--r--config/ovpnenhance/openvpn.xml_tls329
-rw-r--r--config/ovpnenhance/openvpn_cli.xml_tls240
-rw-r--r--config/ovpnenhance/openvpn_csc.xml_tls169
-rw-r--r--config/ovpnenhance/ovpnenhance.inc13
-rw-r--r--config/ovpnenhance/ovpnenhance.xml40
-rw-r--r--config/shellcmd/shellcmd.inc124
-rw-r--r--config/shellcmd/shellcmd.tmp230
-rw-r--r--config/shellcmd/shellcmd.xml115
-rw-r--r--config/shellcmd/shellcmd_edit.tmp301
-rw-r--r--config/squid/squid.inc113
-rw-r--r--config/squidGuard/squidguard.xml6
-rw-r--r--config/squidGuard/squidguard_acl.xml4
-rw-r--r--config/squidGuard/squidguard_configurator.inc7
-rw-r--r--config/squidGuard/squidguard_default.xml4
-rw-r--r--config/squidGuard/squidguard_dest.xml2
-rw-r--r--config/squidGuard/squidguard_log.xml10
-rw-r--r--config/squidGuard/squidguard_rewr.xml2
-rw-r--r--config/squidGuard/squidguard_time.xml2
-rw-r--r--config/tinydns/new_zone_wizard.xml4
-rw-r--r--config/tinydns/tinydns.inc33
-rw-r--r--config/tinydns/tinydns_domains.xml24
-rwxr-xr-xpkg_config.7.xml78
-rwxr-xr-xpkg_config.8.xml25
-rw-r--r--pkg_config.xml21
101 files changed, 15719 insertions, 4722 deletions
diff --git a/config/Fit123/bin/afc/reset_states.sh b/config/Fit123/bin/afc/reset_states.sh
index e0d0d48b..4a7eb7e7 100644
--- a/config/Fit123/bin/afc/reset_states.sh
+++ b/config/Fit123/bin/afc/reset_states.sh
@@ -1,5 +1,7 @@
#!/bin/sh
+echo "Runnig the After Filter Change reset_states script" | logger
sleep 60
/sbin/pfctl -F state
sleep 40
/sbin/pfctl -F state
+echo "States has been reset" | logger
diff --git a/config/Fit123/bin/code-red/all.css b/config/Fit123/bin/code-red/all.css
deleted file mode 100644
index e813ff4d..00000000
--- a/config/Fit123/bin/code-red/all.css
+++ /dev/null
@@ -1,1178 +0,0 @@
-/* Element CSS Definitions */
-html, body, td, th, input, select {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 0.9em;
-
-}
-
-div.GraphLink {
- position: relative;
-}
-
-span.GraphLinkLine {
- position: absolute;
- background-color: #990000;
- width: 100%;
-}
-
-/* DOM Tooltip CSS definitions */
-div.niceTitle
-{
- background-color: #333333;
- color: #FFFFFF;
- font-weight: bold;
- font-size: 13px;
- font-family: "Trebuchet MS", sans-serif;
- width: 220px;
- left: 0;
- top: 0;
- padding: 4px;
- position: absolute;
- text-align: left;
- z-index: 20;
- -moz-border-radius: 0 10px 10px 10px;
- filter: progid:DXImageTransform.Microsoft.Alpha(opacity=87);
- -moz-opacity: .87;
- -khtml-opacity: .87;
- opacity: .87;
-}
-div.niceTitle h1
-{
- background: #990000;
- border-bottom: 1px dotted #FFFFFF;
- font-weight: bold;
- font-size: 13px;
- font-family: "Trebuchet MS", sans-serif;
- margin: 3px;
- padding-top: 1px;
- padding-bottom: 1px;
- padding-left: 3px;
- text-align: left;
- left: 0;
- top: 0;
- -moz-border-radius: 0 8px 0 0;
- -moz-opacity: 1;
-}
-div.niceTitle .contents
-{
- margin: 0;
- padding: 0 3px;
- filter: progid:DXImageTransform.Microsoft.Alpha(opacity=100);
- -moz-opacity: 1;
- -khtml-opacity: 1;
- opacity: 1;
-}
-div.niceTitle p
-{
- background: #FFFFFF;
- border: 1px solid #990000;
- color: #000000;
- font-size: 11px;
- font-family: "Trebuchet MS", sans-serif;
- padding: 5px;
- margin: 3px;
- text-align: left;
- -moz-opacity: 1;
- -moz-border-radius: 0 0 8px 8px;
-}
-
-body {
- margin: 0px auto;
- background: url('images/background.gif') no-repeat;
- background-position : center 0px;
- background-color: #4a0203;
-}
-
-form {
- margin: 0px;
-}
-a {
- text-decoration: none;
-}
-form input {
- font-size: 1.1em;
-}
-
-iframe {
- z-index: 1;
- border: 1px dashed #990000;
-}
-.iframe {
- background-color: #FFFFFF;
-}
-
-/* ID Based CSS Definitions */
-#wrapper {
- width: 810px;
- margin: 0px auto;
-}
-
-#header {
- background: url('images/header.png') no-repeat;
- background-position: 0px;
- height: 102px;
- width: 810px;
- margin-bottom: 5px;
- z-index: 2;
-}
-#header-left {
- position: relative;
- /* background: url('images/logo.gif') no-repeat; */
- background-position: center;
- height: 65px;
- width: 145px;
- left: 10px;
- float: left;
-}
-#header-left #status-link {
- position: relative;
- top: 10px;
- left: 6px;
-}
-#header-right {
- position: relative;
- /* background: url('images/header.gif') no-repeat; */
- height: 70px;
- color: #fff;
- left: 0px;
- margin-left: 165px;
-}
-#header-right .alert {
- position: relative;
- /* background: url('images/alert.gif') no-repeat; */
- background-position: 4px 2px;
- color: #fff;
- height: 17px;
- width: 500px;
- padding: 4px;
- padding-left: 27px;
- float: left;
-}
-#header-right .container {
- position: relative;
-}
-#header-right .container .left {
- position: relative;
- float: left;
- font-size: 1.3em;
- font-weight: bold;
- top: 15px;
- left: 4px;
- display: none;
-}
-#header-right .container .right {
- position: relative;
- float: right;
- top: 22px;
- padding-right: 4px;
- z-index: 1;
-}
-
-#header-right .container .right #alerts {
- position: relative;
- background: url('images/alert_bgr.png') no-repeat;
- height: 39px;
- width: 431px;
- z-index: 1;
- padding-top: 20px;
- padding-left: 5px;
- margin: 0px;
-}
-#header-right .container .right #hostname {
- position: relative;
- height: 39px;
- width: 431px;
- z-index: 1;
- padding-left: 5px;
- margin: 0px;
- top: 25px;
- left: 230px;
- font-size: 14px;
- color: #990000;
- font-weight: bold;
-}
-
-
-
-table#marquee {
- position: relative;
- top: -6px;
- left: -5px;
- border: 0;
- padding: 0;
- margin: 0;
- width: 424px;
- background-color: transparent;
- padding: 2px;
- border: 0px;
-}
-span#marquee-container {
- position: absolute;
- visibility: hidden;
- top: -100px;
- left: -10000px;
-}
-div#marquee-text {
- font-size: 1.18em;
- font-weight: normal;
- font-family: Verdana;
- color: #ffffff;
-}
-table#marquee div#container {
- position: relative;
- overflow: hidden;
- width: 418px;
- height: 20px;
-}
-table#marquee div#container div#scroller {
- position: absolute;
- left: 0px;
- top: 0px;
-}
-
-
-
-
-
-#content {
- position: relative;
- top: -5px;
- left: 0px;
- margin-top: 0px;
- margin-left: 0px;
- padding-top: 0px;
- width: 810px;
- background-color: #ffffff;
-}
-
-#left {
- width: 810px;
- height: 1px;
-}
-#right {
- position: relative;
- top: -10px;
- width: 770px;
- margin-top: 0px;
- margin-left: 5px;
- margin-right: 5px;
- padding-top: 5px;
- padding-left: 10px;
- padding-right: 10px;
- padding-bottom: 20px;
- min-height: 400px;
-}
-
-#footer {
- position: relative;
- background: url('images/footer.png') no-repeat;
- top: -18px;
- left: 0px;
- width: 810px;
- height: 75px;
- color: #999999;
- text-align: center;;
- font-size: 0.9em;
- padding-top: 17px;
- margin-bottom: 20px;
- clear: both;
-}
-#footer p {
- padding: 0px;
- margin: 0px;
-}
-
-/* Style the List */
-#navigation {
- /* background: url('images/menu.gif') no-repeat; */
- /* width: 693px; */
- position: relative;
- top: -35px;
- left: 3px;
- width: 810px;
- padding: 0px;
- height: 28px;
- z-index: 3;
-}
-#navigation ul {
- padding: 0;
- margin: 0;
- list-style: none;
- text-align: center;
-}
-#navigation ul#menu {
- padding-top: 3px;
- padding-left: 5px;
-}
-
-/* Style the List Elements */
-#navigation ul li {
- float: left;
- position: relative;
- /* width: 7.5em; */
- width: 8.77em;
-}
-#navigation ul li div {
- font-size: 1em;
- font-weight: bold;
-}
-/* Make the List inside the List Elements */
-/* initially hidden with absolute position */
-#navigation ul li ul {
- display: none;
- position: absolute;
- top: 2em;
- left: -2px;
- width: 9em;
- font-weight: normal;
- background: transparent bottom left no-repeat; /* This is key to making the menu maintain visibility when not on a link */
- /* background-color: #202020;
- background: url("images/menu_footer.gif") no-repeat;
- background-position: bottom;
- */
- padding: 0em 0 0.4em 0;
- padding-top: 0.3em;
-}
-/* to override top and left in browsers other than IE */
-/* which will position to the top right of the containing */
-/* li, rather than bottom left */
-#navigation ul li > ul {
- top: auto;
- left: auto;
- left: -1px !important;
-}
-/* Show initial drop down upon mouse over, but do not show */
-/* nested side drop menus within listed elements */
-#navigation ul li:hover ul {
- display: block;
- cursor: pointer;
-}
-#navigation ul li:hover {
- cursor: pointer;
- cursor: pointer;
-}
-#navigation ul li:hover div {
- text-decoration: none;
-}
-
-#navigation ul li {
- background-color: transparent;
- color: #FFF;
-}
-#navigation ul li ul li {
- border: 1px solid #990000;
- width: 8.8em;
- height: 1.6em;
- line-height: 1.6em;
- background-color: #990000;
- color: #FFF;
-}
-#navigation ul li ul li:hover {
- background-color: #666666;
-}
-
-#navigation li li a {
- display: block;
- padding-left: 10px;
- padding-right: 10px;
-}
-
-#navigation ul li ul li a.navlnk:hover {
- text-decoration: none;
-}
-#navigation ul li.first {
- border-right: 0px;
-}
-#navigation ul li.middle {
- border-right: 0px;
-}
-#navigation ul li.last {
-
-}
-
-#navigation ul li.dropfirst {
- border-bottom: 0px;
-}
-#navigation ul li.dropmiddle {
- border-bottom: 0px;
-}
-#navigation ul li.droplast {
-}
-
-#wzdtabcont {
- float: left;
- background-color: #FFFFFF;
- color: #000000;
- padding: 0;
-}
-
-ul#wzdnav {
- font-size: 0.96em;
- float: left;
- width: 14.5em;
- margin: 0;
- padding-left: 18px;
-}
-
-ul#wzdnav li {
- list-style: none;
- margin: 0;
- padding-bottom: 0.2em;
- padding-left: 0;
-}
-
-ul#wzdnav a {
- display: block;
- padding: 0.3em;
- font-weight: normal;
-}
-
-#wzdnavbold a {
- display: block;
- padding: 0.3em;
- font-weight: bold ! important;
-}
-
-ul#wzdnav a:link {
- color: black;
- background-color: #eee;
-}
-
-ul#wzdnav a:visited {
- color: #666;
- background-color: #eee;
-}
-
-ul#wzdnav a:hover {
- color: black;
- background-color: white;
-}
-
-ul#wzdnav a:active {
- color: white;
- background-color: gray;
-}
-
-#graph {
- position: relative;
- z-index: 10;
-}
-
-#logoutbtn {
- position: absolute;
- left: 95%;
- vertical-align: middle;
-}
-
-
-#graph {
- position: relative;
- z-index: 10;
-}
-
-
-
-/* Class Based CSS Definitions */
-.pgtitle {
- font-size: 18px;
- color: #777777;
- font-weight: bold;
-}
-.tfrtitle {
- font-size: 18px;
- color: #ffffff;
- font-weight: bold;
-}
-.vncell {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- border-bottom: 1px solid #999999;
-}
-.formfld {
- font-size: small;
-}
-.formselect {
- font-size: 1.0em;
-}
-.langopt {
- padding-left: 34px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.saved {
- /* background: url('/themes/nione/images/icons/icon_wzd_saved.png') no-repeat 0 1px #FFFFFF; */
- list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_saved.png') ! important;
-}
-.notsaved {
- /* background: url('/themes/nione/images/icons/icon_wzd_nsaved.png') no-repeat 0 1px #FFFFFF; */
- list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_nsaved.png') ! important;
-}
-.en {
- background: url('/themes/nervecenter/images/icons/icon_flag_en.png') no-repeat 0 1px #FFFFFF;
-}
-.de {
- background: url('/themes/nervecenter/images/icons/icon_flag_de.png') no-repeat 0 1px #FFFFFF;
-}
-.es {
- background: url('/themes/nervecenter/images/icons/icon_flag_es.png') no-repeat 0 1px #FFFFFF;
-}
-.pt_BR {
- background: url('/themes/nervecenter/images/icons/icon_flag_pt_BR.png') no-repeat 0 1px #FFFFFF;
-}
-.host {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_host.png') no-repeat 0 1px #FFFFFF;
-}
-.search {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_search.png') no-repeat 0 1px #FFFFFF;
-}
-.file {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_file.png') no-repeat 0 1px #FFFFFF;
-}
-.mail {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_mail.png') no-repeat 0 1px #FFFFFF;
-}
-.imp {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_imp.png') no-repeat 0 1px #FFFFFF;
-}
-.pwd {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_pwd.png') no-repeat 0 1px #FFFFFF;
-}
-.user {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_user.png') no-repeat 0 1px #FFFFFF ;
-}
-.group {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_group.png') no-repeat 0 1px #FFFFFF;
-}
-.url {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_url.png') no-repeat 0 1px #FFFFFF;
-}
-.time {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_time.png') no-repeat 0 1px #FFFFFF;
-}
-.unknown {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_unknown.png') no-repeat 0 1px #FFFFFF;
-}
-.formfld_cert {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_cert.png') no-repeat 0 1px #FFFFFF;
- padding-left: 28px;
- font-family: Courier New, Courier, monospaced;
- font-size: 11px;
-}
-.formfldalias {
- background-color: #990000;
- color: #FFFFFF;
-}
-.formpre {
- font-family: Courier New, Courier, monospaced;
- font-size: 10px;
-}
-.formbtn {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 13px;
- font-weight: bold;
-}
-.formbtns {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 10px;
- font-weight: bold;
-}
-.vvcell {
- background-color: #FFFFC6;
-}
-.errmsg {
- font-weight: bold;
- color: #CC0000;
-}
-.red {
- color: #CC0000;
-}
-.gray {
- color: #A0A0A0;
-}
-.vexpl {
- font-size: 11px;
-}
-.navlnk {
- color: #FFFFFF;
- text-decoration: none;
- font-size: 13px;
-}
-.navlnks {
- color: #FFFFFF;
- text-decoration: none;
- font-size: 11px;
-}
-.redlnk {
- color: #990000;
- text-decoration: none;
-}
-.tblnk {
- color: #999999;
- text-decoration: none;
-}
-.vncellreq {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
-}
-.vncellt {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- padding-top: 4px;
- padding-bottom: 4px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
-}
-.vtable {
- border-bottom: 1px solid #999999;
-}
-.vnsepcell {
- background-color: #BBBBBB;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.cpline {
- font-size: 11px;
- color: #FFFFFF;
-}
-.hostname {
- font-size: 11px;
- color: #990000;
- font-weight: bold;
-}
-.vnsepcellr {
- background-color: #BBBBBB;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.listr {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listrpad {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-right: 16px;
- padding-left: 10px;
- padding-top: 8px;
- padding-bottom: 8px;
-}
-.listn {
- font-size: 11px;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listbg {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #990000;
- color: #FFFFFF;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listbggrey {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #999999;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listhdr {
- background-color: #BBBBBB;
- padding-right: 16px;
- padding-left: 6px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.listhdr a {
- color: #000000;
-}
-.listhdrr {
- background-color: #BBBBBB;
- padding-right: 16px;
- padding-left: 6px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.listhdrr a {
- color: #000000;
-}
-.listlr {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- border-left: 1px solid #999999;
- font-size: 11px;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listlrns {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- border-left: 1px solid #999999;
- font-size: 11px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.list {
- font-size: 11px;
- padding-left: 6px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.listt {
- font-size: 11px;
- padding-top: 5px;
-}
-.listhdrrns {
- background-color: #BBBBBB;
- padding-left: 6px;
- padding-top: 5px;
- padding-bottom: 5px;
- padding-right: 6px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.listbgns {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #D9DEE8;
- padding-left: 6px;
- padding-right: 4px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listtopic {
- border-right: 1px solid #999999;
- font-size: 11px;
- background-color: #990000;
- padding-right: 16px;
- padding-left: 6px;
- color: #FFFFFF;
- font-weight: bold;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.optsect_t {
- border-right: 1px solid #999999;
- background-color: #990000;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.optsect_s {
- font-size: 11px;
- color: #FFFFFF;
- font-weight: bold;
-}
-.tabnavtbl {
-}
-
-
-/* MISC CSS Definitions */
-ul#tabnav {
- font-size: 11px;
- font-weight: bold;
- list-style-type: none;
- margin: 0;
- padding: 0;
-}
-ul#tabnav li.tabinact1 {
- float: left;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-ul#tabnav li.tabinact {
- float: left;
- border-left: 1px solid #999999;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-ul#tabnav li.tabinact a {
- float: left;
- display: block;
- text-decoration: none;
- padding: 5px 8px 5px 8px;
- color: #FFFFFF;
-}
-ul#tabnav li.tabinact1 a {
- float: left;
- display: block;
- text-decoration: none;
- padding: 5px 8px 5px 8px;
- color: #FFFFFF;
-}
-ul#tabnav li.tabact {
- float: left;
- background-color: #EEEEEE;
- color: #000000;
- padding: 5px 8px 5px 8px;
- white-space: nowrap;
-}
-.tabcont {
- background-color: #EEEEEE;
- padding-right: 12px;
- padding-left: 12px;
- padding-top: 12px;
- padding-bottom: 12px;
-}
-.tabact {
- float: left;
- background-color: #EEEEEE;
- color: #000000;
- padding: 5px 8px 5px 8px;
- white-space: nowrap;
-}
-.tabinact {
- font-weight: bold;
- float: left;
- border-left: 1px solid #999999;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-.menu {
- background-color: #000000;
- white-space: nowrap;
- padding: 0px 5px 0px 5px;
- width: 100%;
- vertical-align: top;
-}
-
-
-/* Auto Complete Suggestions */
-div.suggestions {
- -moz-box-sizing: border-box;
- /* box-sizing: border-box; */
- border: 1px solid black;
- position: absolute;
- background-color: #990000;
- color: #FFF;
-}
-
-div.suggestions div {
- cursor: default;
- padding: 0px 3px;
- background-color: #990000;
- color: #FFF;
-}
-
-div.suggestions div.current {
- background-color: #3366cc;
- color: #FFF;
-}
-/* End Auto Complete Suggestions */
-
-
-/* Nifty Corners Crap */
-.rtop,.artop{display:block}
-.rtop *,.artop *{display:block;height:1px;overflow:hidden;font-size:1px}
-.artop *{border-style: solid;border-width:0 1px}
-.r1,.rl1,.re1,.rel1{margin-left:5px}
-.r1,.rr1,.re1,.rer1{margin-right:5px}
-.r2,.rl2,.re2,.rel2,.ra1,.ral1{margin-left:3px}
-.r2,.rr2,.re2,.rer2,.ra1,.rar1{margin-right:3px}
-.r3,.rl3,.re3,.rel3,.ra2,.ral2,.rs1,.rsl1,.res1,.resl1{margin-left:2px}
-.r3,.rr3,.re3,.rer3,.ra2,.rar2,.rs1,.rsr1,.res1,.resr1{margin-right:2px}
-.r4,.rl4,.rs2,.rsl2,.re4,.rel4,.ra3,.ral3,.ras1,.rasl1,.res2,.resl2{margin-left:1px}
-.r4,.rr4,.rs2,.rsr2,.re4,.rer4,.ra3,.rar3,.ras1,.rasr1,.res2,.resr2{margin-right:1px}
-.rx1,.rxl1{border-left-width:5px}
-.rx1,.rxr1{border-right-width:5px}
-.rx2,.rxl2{border-left-width:3px}
-.rx2,.rxr2{border-right-width:3px}
-.re2,.rel2,.ra1,.ral1,.rx3,.rxl3,.rxs1,.rxsl1{border-left-width:2px}
-.re2,.rer2,.ra1,.rar1,.rx3,.rxr3,.rxs1,.rxsr1{border-right-width:2px}
-.rxl1,.rxl2,.rxl3,.rxl4,.rxsl1,.rxsl2,.ral1,.ral2,.ral3,.ral4,.rasl1,.rasl2{border-right-width:0}
-.rxr1,.rxr2,.rxr3,.rxr4,.rxsr1,.rxsr2,.rar1,.rar2,.rar3,.rar4,.rasr1,.rasr2{border-left-width:0}
-.r4,.rl4,.rr4,.re4,.rel4,.rer4,.ra4,.rar4,.ral4,.rx4,.rxl4,.rxr4{height:2px}
-.rer1,.rel1,.re1,.res1,.resl1,.resr1{border-width:1px 0 0;height:0px !important;height /**/:1px}
-/* End Nifty Corners Crap */
-
-/* Widget CSS */
-.widgetsubheader {
- border-right: 1px solid #999999;
- font-size: 11px;
- background-color: #999999;
- padding-right: 6px;
- padding-left: 6px;
- color: #FFFFFF;
- font-weight: bold;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.widgetheader {
- border-right: 1px solid #999999;
- font-size: 11px;
- background-color: #990000;
- padding-right: 6px;
- padding-left: 6px;
- color: #FFFFFF;
- font-weight: bold;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.widgetdiv{
- margin:5px;
- padding: 5px;
- background:#CCCCCC;
-}
-
-/* CSS for Dynamic Log Viewer */
-/* Author: Erik Kristensen */
-div#log div.log-entry {
- clear: both;
-}
-
-div#log div.log-entry span,
-div#log div.log-header span {
- padding: 3px 2px 3px 2px;
- padding-left: 8px;
-}
-
-div#log div.log-entry span.log-action {
- padding-bottom: 6px;
- padding-left: 5px;
- padding-right: 5px;
-}
-
-div#log div.log-header span {
- border-top: 1px solid #999;
- background-color: #bbb;
- font-weight: bold;
- text-align: left;
-}
-
-div#log span.log-action,
-div#log span.log-time,
-div#log span.log-interface,
-div#log span.log-source,
-div#log span.log-destination,
-div#log span.log-protocol {
- float: left;
- text-align: left;
- border-left: 1px solid #999;
- border-bottom: 1px solid #999;
-}
-
-div#log span.log-general {
-
-}
-
-div#log span.log-protocol {
- border-right: 1px solid #999;
-}
-
-div#log span.log-action {
- width: 2em;
- text-align: center;
-}
-
-div#log span.log-time {
- width: 12.5em;
-}
-
-div#log span.log-interface {
- width: 5em;
-}
-
-div#log span.log-source,
-div#log span.log-destination {
- width: 17.6em;
-}
-
-div#log span.log-protocol {
- width: 5.5em;
-}
-/* END CSS FOR DYNAMIC LOG VIEWER */
-
-#login {
- background: #cccccc;
- border: 0px solid #666666;
- margin: 5em auto;
- padding: 0em;
- width: 340px;
-}
-
-#login h1 {
- background: url(images/misc/logon.png) no-repeat top left;
- margin-top: 0;
- display: block;
- text-indent: -1000px;
- height: 50px;
- border-bottom: none;
-}
-
-#login p {
- font-size: 1em;
- font-weight: bold;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login span {
- font-size: 1em;
- font-weight: bold;
- width: 20%;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login p#text {
- font-size: 1em;
- font-weight: normal;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login #submit {
- font-size: 1em;
- font-weight: bold;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-/* Widget CSS */
-.widgetsubheader {
- border-right: 1px solid #999999;
- font-size: 11px;
- background-color: #B1B1B1;
- padding-right: 6px;
- padding-left: 6px;
- color: #000000;
- font-weight: bold;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.widgetheader {
- border-right: 1px solid #999999;
- font-size: 11px;
- background-color: #990000;
- padding-right: 6px;
- padding-left: 6px;
- color: #FFFFFF;
- font-weight: bold;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.widgetdiv{
- margin:5px;
- padding: 5px;
- background:#CCCCCC;
-}
-.widgetconfigdiv{
- background:#BBBBBB;
- font-size: 11px;
- color: #000000;
- padding-right: 5px;
- padding-left: 5px;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-
-div#log div.log-entry-mini {
- clear: both;
-}
-
-div#log div.log-entry-mini span {
- padding: 2px 2px 2px 2px;
- padding-left: 8px;
-}
-
-div#log span.log-action-mini-header,
-div#log span.log-interface-mini-header,
-div#log span.log-source-mini-header,
-div#log span.log-destination-mini-header,
-div#log span.log-protocol-mini-header {
- float: left;
- text-align: left;
- background-color: #FFFFFF;
- font-size: 12px;
- border-left: 1px solid #999;
- border-bottom: 1px solid #999;
-}
-
-div#log span.log-action-mini,
-div#log span.log-time-mini,
-div#log span.log-interface-mini,
-div#log span.log-source-mini,
-div#log span.log-destination-mini,
-div#log span.log-protocol-mini {
- float: left;
- text-align: left;
- background-color: #FFFFFF;
- font-size: 11px;
- border-left: 1px solid #999;
- border-bottom: 1px solid #999;
-}
-
-div#log span.log-action-mini,
-div#log span.log-action-mini-header {
- width: 6%;
-}
-
-div#log span.log-interface-mini,
-div#log span.log-interface-mini-header {
- width: 8%;
-}
-
-div#log span.log-source-mini,
-div#log span.log-destination-mini,
-div#log span.log-source-mini-header,
-div#log span.log-destination-mini-header {
- width: 31%;
-}
-
-div#log span.log-protocol-mini,
-div#log span.log-protocol-mini-header {
- width: 8%;
- border-right: 1px solid #999;
-}
diff --git a/config/Fit123/bin/code-red/background.gif b/config/Fit123/bin/code-red/background.gif
deleted file mode 100644
index 3f0dc770..00000000
--- a/config/Fit123/bin/code-red/background.gif
+++ /dev/null
Binary files differ
diff --git a/config/Fit123/bin/code-red/footer.png b/config/Fit123/bin/code-red/footer.png
deleted file mode 100644
index b668a615..00000000
--- a/config/Fit123/bin/code-red/footer.png
+++ /dev/null
Binary files differ
diff --git a/config/Fit123/bin/code-red/header.png b/config/Fit123/bin/code-red/header.png
deleted file mode 100644
index 06921877..00000000
--- a/config/Fit123/bin/code-red/header.png
+++ /dev/null
Binary files differ
diff --git a/config/Fit123/bin/cpaddon/filter.inc b/config/Fit123/bin/cpaddon/filter.inc
new file mode 100644
index 00000000..9d74cbb3
--- /dev/null
+++ b/config/Fit123/bin/cpaddon/filter.inc
@@ -0,0 +1,3329 @@
+<?php
+/* $Id$ */
+/*
+ filter.inc
+ Copyright (C) 2004-2006 Scott Ullrich
+ Copyright (C) 2005 Bill Marquette
+ Copyright (C) 2006 Peter Allgeyer
+ All rights reserved.
+
+ originally part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+/* include all configuration functions */
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("notices.inc");
+
+if($config['system']['shapertype'] <> "m0n0")
+ require_once ("shaper.inc");
+
+/* holds the items that will be executed *AFTER* the filter is fully loaded */
+$after_filter_configure_run = array();
+
+function filter_pflog_start() {
+ global $config, $g;
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_pflog_start() being called $mt\n";
+ }
+
+ mute_kernel_msgs();
+
+ $pid = `ps awwwux | grep -v "grep" | grep "tcpdump -s 256 -v -l -n -e -ttt -i pflog0" | awk '{ print $2 }'`;
+ if(!$pid)
+ mwexec_bg("/usr/sbin/tcpdump -s 256 -v -l -n -e -ttt -i pflog0 | logger -t pf -p local0.info");
+
+ unmute_kernel_msgs();
+
+}
+
+/* reload filter async */
+function filter_configure() {
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_configure() being called $mt\n";
+ }
+ global $g;
+
+ touch($g['tmp_path'] . "/filter_dirty");
+}
+
+/* reload filter sync */
+function filter_configure_sync() {
+ global $config, $g, $after_filter_configure_run;
+ filter_pflog_start();
+ update_filter_reload_status("Initializing");
+ /* invalidate interface cache */
+ get_interface_arr(true);
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_configure_sync() being called $mt\n";
+ }
+
+ /* load ipfw / dummynet early on if required */
+ if($config['system']['dummynetshaper']) {
+ $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
+ if($status == "0") {
+ mwexec("/sbin/kldload ipfw");
+ mwexec("/sbin/kldload dummynet");
+ }
+ } else {
+ /* check to see if any rules reference a schedule
+ * and if so load ipfw for later usage.
+ */
+ foreach($config['filter']['rule'] as $rule) {
+ if($rule['sched'])
+ $time_based_rules = true;
+ }
+ if($time_based_rules == true) {
+ $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
+ if($status == "0") {
+ mute_kernel_msgs();
+ mwexec("/sbin/kldload ipfw");
+ unmute_kernel_msgs();
+ }
+ if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
+ /* Set ipfw states to user defined maximum states in Advanced menu. */
+ mwexec("sysctl net.inet.ip.fw.dyn_max={$config['system']['maximumstates']}");
+ } else {
+ /* Set to default 10,000 */
+ mwexec("sysctl net.inet.ip.fw.dyn_max=10000");
+ }
+ exec("/sbin/ipfw delete set 9");
+ exec("/sbin/ipfw delete 2");
+ exec("/sbin/ipfw delete 3");
+ }
+ }
+
+ $lan_if = $config['interfaces']['lan']['if'];
+ $wan_if = get_real_wan_interface();
+
+ /* generate aliases */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Creating aliases");
+ $aliases = filter_generate_aliases();
+ /* generate nat rules */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Generating NAT rules");
+ $natrules = filter_nat_rules_generate();
+ /* generate pfctl rules */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Generating filter rules");
+ $pfrules = filter_rules_generate();
+
+ if (isset($config['shaper']['enable']) and $config['system']['shapertype'] <> "m0n0") {
+ /* generate altq interface setup parms */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Generating ALTQ interfaces");
+ $altq_ints = filter_setup_altq_interfaces();
+ /* generate altq queues */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Generating ALTQ queues");
+ $altq_queues = filter_generate_altq_queues($altq_ints);
+ /* generate altq rules */
+ if($g['booting'] == true) echo ".";
+ /* Setup a default rule that tags ALL packets as unshaped
+ * we'll match only unshaped packets in the shaper code later
+ * this allows the shaper to be first match
+ */
+ $pf_altq_rules = "block in all tag unshaped label \"SHAPER: first match rule\"\n";
+ update_filter_reload_status("Generating ALTQ rules");
+ $pf_altq_rules .= filter_generate_pf_altq_rules();
+ }
+
+ update_filter_reload_status("Loading filter rules");
+
+ /* enable pf if we need to, otherwise disable */
+ if (!isset ($config['system']['disablefilter'])) {
+ mwexec("/sbin/pfctl -e", true);
+ } else {
+ mwexec("/sbin/pfctl -d");
+ unlink_if_exists("{$g['tmp_path']}/filter_loading");
+ update_filter_reload_status("Filter is disabled. Not loading rules.");
+ return;
+ }
+
+ // Copy rules.debug to rules.debug.old
+ if(file_exists("{$g['tmp_path']}/rules.debug"))
+ exec("cp {$g['tmp_path']}/rules.debug {$g['tmp_path']}/rules.debug.old");
+
+ $fd = fopen("{$g['tmp_path']}/rules.debug", "w");
+ $rules = $aliases . " \n";
+
+ update_filter_reload_status("Setting up logging information");
+
+ $rules .= setup_logging_interfaces();
+
+ if ($config['system']['optimization'] <> "") {
+ $rules .= "set optimization {$config['system']['optimization']}\n";
+ if ($config['system']['optimization'] == "conservative") {
+ $rules .= "set timeout { udp.first 300, udp.single 150, udp.multiple 900 }\n";
+ }
+ } else {
+ $rules .= "set optimization normal\n";
+ }
+
+ if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
+ /* User defined maximum states in Advanced menu. */
+ $rules .= "set limit states {$config['system']['maximumstates']}\n";
+ }
+ $rules .= "\n";
+
+ update_filter_reload_status("Setting up SCRUB information");
+ /* get our wan interface? */
+ $wanif = get_real_wan_interface();
+
+ /* disable scrub option */
+ if(!isset($config['system']['disablescrub'])) {
+ /* set up MSS clamping */
+ if ($config['interfaces']['wan']['mtu'] <> "" and is_numeric($config['interfaces']['wan']['mtu']))
+ $mssclamp = "max-mss " . (intval($config['interfaces']['wan']['mtu'] - 40));
+ else
+ if ($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $mssclamp = "max-mss 1452";
+ else
+ $mssclamp = "";
+
+ /* configure no-df for linux nfs and others */
+ if ($config['system']['scrubnodf'])
+ $scrubnodf = "no-df random-id";
+ else
+ $scrubnodf = "random-id";
+ $rules .= "scrub all {$scrubnodf} {$mssclamp} fragment reassemble\n"; // reassemble all directions
+ } else if ($config['interfaces']['wan']['mtu'] <> "" and is_numeric($config['interfaces']['wan']['mtu'])) {
+ $rules .= "scrub {$mssclamp}\n"; // reassemble all directions
+ }
+
+ if($config['system']['shapertype'] <> "m0n0") {
+ $rules.= "{$altq_ints}\n";
+ $rules.= "{$altq_queues}\n";
+ }
+ $rules.= "{$natrules}\n";
+ if($config['system']['shapertype'] <> "m0n0")
+ $rules.= "{$pf_altq_rules}\n";
+ $rules.= "{$pfrules}\n";
+ fwrite($fd, $rules);
+ fclose($fd);
+
+ $rules = "1"; // force to be diff from oldrules
+ $oldrules = "2"; // force to be diff from rules
+
+ if(file_exists("{$g['tmp_path']}/rules.debug"))
+ $rules = file_get_contents("{$g['tmp_path']}/rules.debug");
+ if(file_exists("{$g['tmp_path']}/rules.debug.old"))
+ $oldrules = file_get_contents("{$g['tmp_path']}/rules.debug.old");
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "pfctl being called at $mt\n";
+ }
+ $rules_loading = mwexec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug");
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "pfctl done at $mt\n";
+ }
+
+ /* check for a error while loading the rules file. if an error has occured
+ then output the contents of the error to the caller */
+ if($rules_loading <> 0) {
+ $rules_error = exec_command("/sbin/pfctl -f {$g['tmp_path']}/rules.debug");
+ $line_error = split("\:", $rules_error);
+ $line_number = $line_error[1];
+ $rules_file = `/bin/cat {$g['tmp_path']}/rules.debug`;
+ $line_split = split("\n", $rules_file);
+ if(is_array($line_split))
+ $line_error = "The line in question reads [{$line_number}]: {$line_split[$line_number-1]}";
+ if($line_error and $line_number) {
+ file_notice("filter_load", "There were error(s) loading the rules: {$rules_error} {$line_error}", "Filter Reload", "");
+ log_error("There were error(s) loading the rules: {$rules_error} - {$line_error}");
+ update_filter_reload_status("There were error(s) loading the rules: {$rules_error} - {$line_error}");
+ return;
+ }
+ }
+
+ unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php");
+
+ /* run items scheduled for after filter configure run */
+ $fda = fopen("/tmp/commands.txt", "w");
+ foreach($after_filter_configure_run as $afcr)
+ fwrite($fda, $afcr . "\n");
+ fclose($fda);
+ if(file_exists("/tmp/commands.txt")) {
+ mwexec("sh /tmp/commands.txt &");
+ unlink("/tmp/commands.txt");
+ }
+
+ update_filter_reload_status("Running plugins");
+
+ if(is_dir("/usr/local/pkg/pf/")) {
+ /* process packager manager custom rules */
+ update_filter_reload_status("Running plugins (pf)");
+ run_plugins("/usr/local/pkg/pf/");
+ update_filter_reload_status("Plugins completed.");
+ }
+
+ system_start_ftp_helpers();
+
+ if($config['system']['shapertype'] == "m0n0") {
+ require_once ("/etc/inc/m0n0/shaper.inc");
+ shaper_configure();
+ }
+
+ /* if time based rules are enabled then swap in the set */
+ if($time_based_rules == true) {
+ tdr_install_cron(true);
+ tdr_install_set();
+ } else {
+ tdr_install_cron(false);
+ }
+
+ /*
+ we need a way to let a user run a shell cmd after each
+ filter_configure() call. run this xml command after
+ each change.
+ */
+ if($config['system']['afterfilterchangeshellcmd'] <> "")
+ mwexec($config['system']['afterfilterchangeshellcmd']);
+
+ /* sync carp entries to other firewalls */
+ update_filter_reload_status("Syncing CARP data");
+ carp_sync_client();
+
+ system_routing_configure();
+
+ update_filter_reload_status("Done");
+
+ return 0;
+}
+
+function filter_generate_aliases() {
+ global $config, $g;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_generate_aliases() being called $mt\n";
+ }
+ $aliases = "";
+
+ $i = 0;
+
+ $lanip = find_interface_ip($config['interfaces']['lan']['if']);
+ $wanip = find_interface_ip(get_real_wan_interface());
+
+ $aliases .= "# System Aliases \n";
+ $aliases .= "loopback = \"{ lo0 }\"\n";
+ $aliases .= "lan = \"{ {$config['interfaces']['lan']['if']}{$lan_aliases} }\"\n";
+
+ if($config['interfaces']['wan']['ipaddr'] == "pppoe" or $config['interfaces']['wan']['ipaddr'] == "pptp") {
+ $aliases .= "ng0 = \"{ " . $config['interfaces']['wan']['if'] . " " . get_real_wan_interface() . " }\" \n";
+ $aliases .= "wan = \"{ " . $config['interfaces']['wan']['if'] . " ng0 }\"\n";
+ } else {
+ $aliases .= "wan = \"{ " . get_real_wan_interface() . " }\"\n";
+ }
+
+ $aliases .= "enc0 = \"{ enc0 }\"\n";
+
+ /* used to count netgraph interfaces */
+ $counter = 0;
+
+ /* ng ordering is VERY important here. do not alter order */
+ if($config['pptpd']['mode'] == "server") {
+ /* build pptp alias */
+ $tmp = "pptp = \"{ ";
+ $starting_pptp = 1;
+ if($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $starting_pptp = 1;
+ for($x=$starting_pptp; $x<$g["n_pptp_units"]+$starting_pptp; $x++)
+ $tmp .= "ng{$x} ";
+ $counter = $x;
+ $tmp .= "}\" \n";
+ if($counter > 0)
+ $aliases .= $tmp;
+ }
+ if($config['pppoe']['mode'] == "server") {
+ /* build pppoe alias */
+ $tmp = "pppoe = \"{ ";
+ $starting_pppoe = 1;
+ if($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $starting_pppoe = 1;
+ for($x=0; $x<$g["n_pppoe_units"]+$starting_pppoe; $x++) {
+ $tmp .= "ng{$counter} ";
+ $counter++;
+ }
+ $tmp .= "}\" \n";
+ if($x > 0)
+ $aliases .= $tmp;
+ }
+
+ $ifdescrs = array();
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ }
+ $bridgetracker = 0;
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ /* do not process tun interfaces */
+ /* do process tun interfaces for openvpn compatibility */
+ /* if(stristr(filter_opt_interface_to_real($ifname), "tun") == true) continue; */
+ $aliases .= convert_friendly_interface_to_friendly_descr($ifname) . " = \"{ " . filter_opt_interface_to_real($ifname);
+// if(link_int_to_bridge_interface($ifname))
+// $aliases .= " " . link_int_to_bridge_interface($ifname);
+ $optip = find_interface_ip($config['interfaces'][$ifname]['if']);
+ if($optip) {
+ $opt_carp_ints = link_ip_to_carp_interface($optip);
+ if($opt_carp_ints)
+ $aliases .= $opt_carp_ints;
+ }
+ $aliases .= " }\"\n";
+ }
+ $aliases .= "# User Aliases \n";
+ /* Setup pf groups */
+ if (isset($config['aliases']['alias'])) {
+ foreach ($config['aliases']['alias'] as $alias) {
+ $extraalias = "";
+ $ip = find_interface_ip($alias['address']);
+ $extraalias = " " . link_ip_to_carp_interface($ip);
+ $aliases .= "{$alias['name']} = \"{ {$alias['address']}{$extralias} }\"\n";
+ }
+ }
+
+ return $aliases;
+}
+
+function get_vpns_list() {
+ global $config;
+ /* build list of vpns */
+ $vpns = "";
+ $isfirst = true;
+ /* ipsec */
+ if ($config['ipsec']['tunnel']) {
+ foreach ($config['ipsec']['tunnel'] as $tunnel) {
+ if ($isfirst == false)
+ $vpns .= " ";
+ $vpns .= $tunnel['remote-subnet'];
+ $isfirst = false;
+ }
+ }
+ /* openvpn */
+ foreach (array('client', 'server') as $type) {
+ $conf =& $config['installedpackages']["openvpn$type"]['config'];
+ if (!is_array($conf)) continue;
+ foreach ($conf as $tunnel) {
+ if ($isfirst == false)
+ $vpns .= " ";
+ $vpns .= $tunnel['remote_network'];
+ $isfirst = false;
+ }
+ }
+ /* pppoe */
+ if ($config['pppoe']['remoteip']) {
+ if ($isfirst == false)
+ $vpns .= " ";
+ $vpns .= $config['pppoe']['remoteip'] ."/". $config['pppoe']['pppoe_subnet'];
+ $isfirst = false;
+ }
+ $vpns .= " ";
+ return $vpns;
+}
+
+function generate_optcfg_array(& $optcfg) {
+ global $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "generate_optcfg_array() being called $mt\n";
+ }
+
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $oc = $config['interfaces']['opt' . $i];
+
+ if (isset($oc['enable']) && $oc['if']) {
+ $oic = array();
+ $oic['if'] = $oc['if'];
+
+ if ($oc['bridge']) {
+ if (!strstr($oc['bridge'], "opt") ||
+ isset($config['interfaces'][$oc['bridge']]['enable'])) {
+ if (is_ipaddr($config['interfaces'][$oc['bridge']]['ipaddr'])) {
+ $oic['ip'] = $config['interfaces'][$oc['bridge']]['ipaddr'];
+ $oic['sn'] = $config['interfaces'][$oc['bridge']]['subnet'];
+ $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
+ }
+ }
+ $oic['bridge'] = 1;
+ } else {
+ $oic['ip'] = $oc['ipaddr'];
+ $oic['sn'] = $oc['subnet'];
+ $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
+ $oic['descr'] = $oc['descr'];
+ }
+
+ $optcfg['opt' . $i] = $oic;
+ }
+ }
+}
+
+function filter_flush_nat_table() {
+ global $config, $g;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_flush_nat_table() being called $mt\n";
+ }
+ return mwexec("/sbin/pfctl -F nat");
+}
+
+function filter_flush_state_table() {
+ global $config, $g;
+
+ return mwexec("/sbin/pfctl -F state");
+}
+
+/* Generate a 'nat on' or 'no nat on' rule for given interface */
+function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false) {
+ global $config;
+
+ /* XXX: billm - any idea if this code is needed? */
+ if($src == "/32" || $src{0} == "/")
+ return;
+
+ /* Use interface name if IP isn't specified */
+ if ($natip != "")
+ $tgt = "{$natip}/32";
+ else
+ $tgt = "($if)";
+
+ /* Add the hard set source port (useful for ISAKMP) */
+ if ($natport != "")
+ $tgt .= " port {$natport}";
+
+ /* sometimes this gets called with "" instead of a value */
+ if ($src == "")
+ $src = "any";
+
+ /* Match on this source port */
+ if ($srcport != "")
+ $src .= " port {$srcport}";
+
+ /* sometimes this gets called with "" instead of a value */
+ if ($dst == "")
+ $dst = "any";
+
+ /* Match on this dest port */
+ if ($dstport != "")
+ $dst .= " port {$dstport}";
+
+ /* Allow for negating NAT entries */
+ if ($nonat) {
+ $nat = "no nat";
+ $target = "";
+ } else {
+ $nat = "nat";
+ $target = "-> {$tgt}";
+ }
+
+ /* outgoing static-port option, hamachi, Grandstream, VOIP, etc */
+ if($staticnatport)
+ $staticnatport_txt = " static-port";
+ else
+ if(!$natport)
+ $staticnatport_txt = " port 1024:65535"; // set source port range
+ else
+ $staticnatport_txt = "";
+
+ $if_friendly = convert_real_interface_to_friendly_descr($if);
+
+ /* Put all the pieces together */
+ if($if_friendly)
+ $natrule = "{$nat} on \${$if_friendly} from {$src} to {$dst} {$target}{$staticnatport_txt}\n";
+
+ return $natrule;
+}
+
+function is_one_to_one_or_server_nat_rule($iptocheck) {
+ global $config, $target;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "is_one_to_one_or_server_nat_rule() being called $mt\n";
+ }
+
+ if($config['nat']['onetoone'] <> "")
+ foreach($config['nat']['onetoone'] as $onetoone) {
+ if(ip_in_subnet($iptocheck,$onetoone['internal']."/".$onetoone['subnet']) == true)
+ return true;
+ if($onetoone['internal'] == $target)
+ return true;
+ }
+
+ if($config['nat']['servernat'] <> "")
+ foreach($config['nat']['servernat'] as $onetoone) {
+ $int = explode("/", $onetoone['ipaddr']);
+ if(ip_in_subnet($iptocheck,$onetoone['ipaddr']."/".$onetoone['subnet']) == true)
+ return true;
+ if($onetoone['ipaddr'] == $target)
+ return true;
+ }
+
+ if($config['nat']['rule'] <> "")
+ foreach($config['nat']['rule'] as $onetoone) {
+ $int = explode("/", $onetoone['target']);
+ if(ip_in_subnet($iptocheck,$onetoone['target']."/".$onetoone['subnet']) == true)
+ return true;
+ if($onetoone['target'] == $target)
+ return true;
+ }
+
+ return FALSE;
+}
+
+function filter_nat_rules_generate() {
+ global $config, $g, $after_filter_configure_run;
+
+ $wancfg = $config['interfaces']['wan'];
+ $lancfg = $config['interfaces']['lan'];
+
+ $pptpdcfg = $config['pptpd'];
+ $pppoecfg = $config['pppoe'];
+ $wanif = get_real_wan_interface();
+
+ $lanif = $config['interfaces']['lan']['if'];
+ $lanip = $config['interfaces']['lan']['ipaddr'];
+
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+
+ $natrules .= "nat-anchor \"pftpx/*\"\n";
+
+ $natrules .= "nat-anchor \"natearly/*\"\n";
+ $natrules .= "nat-anchor \"natrules/*\"\n";
+
+ $natrules .= "# FTP proxy\n";
+ $natrules .= "rdr-anchor \"pftpx/*\"\n";
+
+ update_filter_reload_status("Creating 1:1 rules...");
+
+ /* any 1:1 mappings? */
+ if (is_array($config['nat']['onetoone'])) {
+ foreach ($config['nat']['onetoone'] as $natent) {
+ if (!is_numeric($natent['subnet']))
+ $sn = 32;
+ else
+ $sn = $natent['subnet'];
+
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$natent['interface']]['if'];
+
+ if($natif)
+ $natrules .= "binat on $natif from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n";
+ }
+ }
+
+ $natrules .= "\n# Outbound NAT rules\n";
+
+ /* outbound rules - advanced or standard */
+ if (isset($config['nat']['advancedoutbound']['enable'])) {
+ /* advanced outbound rules */
+ if (is_array($config['nat']['advancedoutbound']['rule'])) {
+ foreach ($config['nat']['advancedoutbound']['rule'] as $obent) {
+
+ update_filter_reload_status("Creating advanced outbound rule {$obent['descr']}");
+
+ $src = $obent['source']['network'];
+ if (isset($obent['destination']['not']) && !isset($obent['destination']['any']))
+ $dst = "!" . $obent['destination']['address'];
+ else
+ $dst = $obent['destination']['address'];
+
+
+ if (!$obent['interface'] || ($obent['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$obent['interface']]['if'];
+
+ $natrules .= filter_nat_rules_generate_if($natif,
+ $src,
+ $obent['sourceport'],
+ $dst,
+ $obent['dstport'],
+ $obent['target'],
+ $obent['natport'],
+ isset($obent['nonat']),
+ isset($obent['staticnatport'])
+ );
+ }
+ }
+ } else {
+ /* standard outbound rules (one for each interface) */
+ update_filter_reload_status("Creating outbound NAT rules");
+
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$lansa}/{$lancfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$lansa}/{$lancfg['subnet']}");
+
+ $optints = array();
+ generate_optcfg_array($optints);
+
+ /* generate lan nat mappings for opts with a gateway opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if (interface_has_gateway("$opt_interface")) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}");
+ }
+ }
+
+ /* optional interfaces */
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ update_filter_reload_status("Creating outbound rules (opt{$i})");
+ $optcfg = $config['interfaces']['opt' . $i];
+
+ if ((isset ($optcfg['enable'])) && (!$optcfg['bridge']) && (!interface_has_gateway("opt{$i}"))) {
+ $optsa = gen_subnet($optcfg['ipaddr'], $optcfg['subnet']);
+
+ /* create outbound nat entries for primary wan */
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$optsa}/{$optcfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$optsa}/{$optcfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$optsa}/{$optcfg['subnet']}", null, "", null, null, null, isset($optcfg['nonat']));
+
+ /* create outbound nat entries for all opt wans */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if (interface_has_gateway("$opt_interface")) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$optsa}/{$optcfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$optsa}/{$optcfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$optsa}/{$optcfg['subnet']}", null, "", null, null, null, isset($optcfg['nonat']));
+ }
+ }
+ }
+ }
+
+ /* PPTP subnet */
+ if ($pptpdcfg['mode'] == "server") {
+ $pptp_subnet = $g['pptp_subnet'];
+ if($config['pptp']['pptp_subnet'] <> "")
+ $pptp_subnet = $config['pptp']['pptp_subnet'];
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}");
+
+ /* generate nat mappings for opts with a gateway opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if ((is_private_ip($pptpdcfg['remoteip'])) && (interface_has_gateway($opt_interface))) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}");
+ }
+ }
+ }
+
+ /* PPPoE subnet */
+ if ($pppoecfg['mode'] == "server") {
+ $pppoe_subnet = $g['pppoe_subnet'];
+ if($config['pppoe']['pppoe_subnet'] <> "")
+ $pppoe_subnet = $config['pppoe']['pppoe_subnet'];
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}");
+
+ /* generate nat mappings for opts with a gateway opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if ((is_private_ip($pppoecfg['remoteip'])) && (interface_has_gateway($opt_interface))) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}");
+ }
+ }
+ }
+
+ /* static routes */
+ if (is_array($config['staticroutes']['route'])) {
+ foreach ($config['staticroutes']['route'] as $route) {
+ $netip = explode("/", $route['network']);
+ if ((! interface_has_gateway($route['interface'])) && (is_private_ip($netip[0]))) {
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$route['network']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$route['network']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$route['network']}", "", null);
+ }
+ /* generate nat mapping for static routes on opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if ((! interface_has_gateway($route['interface'])) && (is_private_ip($netip[0])) && (interface_has_gateway($opt_interface))) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$route['network']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$route['network']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$route['network']}", "", null);
+ }
+ }
+
+ }
+ }
+
+ }
+
+ $natrules .= "\n#SSH Lockout Table\n";
+ $natrules .= "table <sshlockout> persist\n\n";
+
+ /* is SPAMD insalled? */
+ if (is_package_installed("spamd") == 1) {
+ $natrules .= "\n# spam table \n";
+
+ $natrules .= "table <whitelist> persist\n";
+ $natrules .= "table <blacklist> persist\n";
+ $natrules .= "table <spamd> persist\n";
+ if(file_exists("/var/db/whitelist.txt"))
+ $natrules .= "table <spamd-white> persist file \"/var/db/whitelist.txt\"\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from <blacklist> to port smtp -> 127.0.0.1 port spamd\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from !<spamd-white> to port smtp -> 127.0.0.1 port spamd\n";
+ if($config['installedpackages']['spamdsettings']['config'])
+ foreach($config['installedpackages']['spamdsettings']['config'] as $ss)
+ $nextmta = $ss['nextmta'];
+ if($nextmta <> "") {
+ $natrules .= "rdr pass on {$wanif} proto tcp from <spamd-white> to port smtp -> {$nextmta} port smtp\n";
+ }
+ }
+
+ /* load balancer anchor */
+ $natrules .= "\n# Load balancing anchor - slbd updates\n";
+ $natrules .= "rdr-anchor \"slb\"\n";
+
+ update_filter_reload_status("Setting up FTP helper");
+
+ $natrules .= "\n# FTP Proxy/helper\n";
+ /* build an array of interfaces to work with */
+ $iflist = array("lan" => "LAN");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = "opt{$i}";
+ $interface_counter = 0;
+ $vpns_list = get_vpns_list();
+ /* prevent 1:1 ips from pftpx, they will be handled by ftp-sesame */
+ if($config['nat']['onetoone'])
+ foreach ($config['nat']['onetoone'] as $vipent)
+ $onetoone_list .= "{$vipent['internal']} ";
+ if($onetoone_list)
+ $natrules .= "table <onetoonelist> { $onetoone_list }\n";
+ if($vpns_list)
+ $natrules .= "table <vpns> { $vpns_list }\n";
+ /* loop through all interfaces and handle pftpx redirections */
+ foreach ($iflist as $ifent => $ifname) {
+ $ifname_lower = convert_friendly_interface_to_friendly_descr(strtolower($ifname));
+ $realif = convert_friendly_interface_to_real_interface_name(strtolower($ifname));
+ $int_ip = find_interface_ip($realif);
+ if(isset($config['interfaces'][strtolower($ifname)]['disableftpproxy'])) {
+ if($g['debug'])
+ log_error("Filter: FTP proxy disabled for interface {$ifname} - ignoring.");
+ $interface_counter++;
+ continue;
+ }
+ if(stristr($ifname, "opt")) {
+ if(!isset($config['interfaces'][$ifname]['enable'])) {
+ continue;
+ }
+ }
+ /* are we in routed mode? no source nat rules and not a outside interface? */
+ /* If we have advanced outbound nat we skip the FTP proxy, we use ftpsesame */
+ if((isset($config['nat']['advancedoutbound']['enable'])) && (! interface_has_gateway($ifname))) {
+ $sourcenat = 0;
+ /* we are using advanced outbound nat, are we in routing mode? */
+ $realif = convert_friendly_interface_to_real_interface_name($ifname);
+ /* if the interface address lies within a outbound NAT source network we should skip */
+ if(! empty($config['nat']['advancedoutbound']['rule'])) {
+ foreach($config['nat']['advancedoutbound']['rule'] as $natnetwork) {
+ if(ip_in_subnet($int_ip, $natnetwork['source']['network'])) {
+ /* if the interface address is matched in the AON Rule we need the ftp proxy */
+ $sourcenat++;
+ }
+ }
+ }
+ if($sourcenat == 0) {
+ if($g['debug'])
+ log_error("Filter: No AON rule matched for interface {$ifname} - not using the FTP proxy");
+ $interface_counter++;
+ continue;
+ } else {
+ if($g['debug'])
+ log_error("Filter: AON Rule matched for interface {$ifname} - using FTP proxy");
+ }
+ }
+ $tmp_port = 8021 + $interface_counter;
+ $tmp_interface = convert_friendly_interface_to_real_interface_name($ifname);
+ $ifname_lower = strtolower(convert_friendly_interface_to_friendly_descr($ifname));
+ $vpns = get_vpns_list();
+ /* if the user has defined, include the alias so that we do not redirect ftp
+ connections across the tunnels to pftpx */
+ $int_ip = find_interface_ip($tmp_interface);
+ /* if interface lacks an ip, dont setup a rdr for ftp. they are most likely on a bridged interface */
+ if($int_ip and $vpns_list)
+ if($ifname_lower) {
+ $natrules .= "no rdr on $tmp_interface proto tcp from any to <vpns> port 21\n";
+ if($onetoone_list)
+ $natrules .= "no rdr on $tmp_interface proto tcp from <onetoonelist> to any port 21\n";
+ }
+ if($ifname_lower)
+ $natrules .= "rdr on $tmp_interface proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n";
+ $interface_counter++;
+ }
+ $natrules .= "\n";
+
+ /* DIAG: add ipv6 NAT, if requested */
+ if (isset($config['diag']['ipv6nat']['enable']) and $config['diag']['ipv6nat']['ipaddr'] <> "") {
+ /* XXX: FIX ME! IPV6 */
+ $natrules .= "rdr on \$wan proto ipv6 from any to any -> {$config['diag']['ipv6nat']['ipaddr']}\n";
+ }
+
+ if(file_exists("/var/etc/inetd.conf"))
+ mwexec("rm /var/etc/inetd.conf");
+ touch("/var/etc/inetd.conf");
+
+ if (isset($config['nat']['rule'])) {
+ $natrules .= "# NAT Inbound Redirects\n";
+
+ if(!isset($config['system']['disablenatreflection'])) {
+ $inetd_fd = fopen("/var/etc/inetd.conf","w");
+ /* start redirects on port 19000 of localhost */
+ $starting_localhost_port = 19000;
+ }
+
+ foreach ($config['nat']['rule'] as $rule) {
+
+ update_filter_reload_status("Creating NAT rule {$rule['descr']}");
+
+ /* if item is an alias, expand */
+ $extport = "";
+ unset($extport);
+ if(alias_expand($rule['external-port']))
+ $extport[0] = alias_expand_value($rule['external-port']);
+ else
+ $extport = explode("-", $rule['external-port']);
+
+ /* if item is an alias, expand */
+ if(alias_expand($rule['local-port']))
+ $localport = "";
+ else
+ $localport = " port {$rule['local-port']}";
+
+ $target = alias_expand_host($rule['target']);
+
+ if (!$target) {
+ $natrules .= "# Unresolvable alias {$rule['target']}\n";
+ continue; /* unresolvable alias */
+ }
+
+ # use tables for aliases in rdr
+ if (!is_ipaddr($target)) {
+ $natrules .= "table <{$rule['target']}> { $target }\n";
+ $target = "<{$rule['target']}>";
+ }
+
+ if ($rule['external-address'])
+ if($rule['external-address'] <> "any")
+ $extaddr = $rule['external-address'] . "/32";
+ else
+ $extaddr = $rule['external-address'];
+ else
+ $extaddr = get_current_wan_address($rule['interface']);
+
+ if (!$rule['interface'] || ($rule['interface'] == "wan"))
+ $natif = $wanif;
+ else if($rule['interface'] == "\$pptp")
+ $natif = "pptp";
+ else if($rule['interface'] == "\$pppoe")
+ $natif = "pppoe";
+ else
+ $natif = $config['interfaces'][$rule['interface']]['if'];
+
+ $lanif = $lancfg['if'];
+
+ /*
+ * Expand aliases
+ * XXX: may want to integrate this into pf macros
+ */
+ if(alias_expand($target))
+ $target = alias_expand($target);
+ if(alias_expand($extaddr))
+ $extaddr = alias_expand($extaddr);
+
+ /*
+ * If FTP Proxy Helper is enabled and the
+ * operator has requested a port forward to
+ * a ftp server then launch a helper
+ */
+ $dontinstallrdr = false;
+ if($target <> "") {
+ $external_address = $rule['external-address'];
+ if($extport[0] == "21" and !isset($config['interfaces'][strtolower($rule['interface'])]['disableftpproxy'])) {
+ $helpers = exec("/bin/ps awux | grep \"{$target} -b {$external_address}\" | grep -v grep");
+ if(!$helpers) {
+ if($external_address == "")
+ $external_address = find_interface_ip(get_real_wan_interface());
+ /* install a pftpx helper, do not set a rule. also use the delay filter configure run
+ * routines because if this is the first bootup the filter is not completely configured
+ * and thus pf is not fully running. otherwise we end up with: pftpx: pf is disabled
+ */
+ if(isset($config['shaper']['enable'])) {
+ if(isset($config['ezshaper']['step5']['p2pcatchall'])) {
+ $shaper_queue = "-q qP2PUp ";
+ } else {
+ $upq = "q" . convert_friendly_interface_to_friendly_descr($config['ezshaper']['step2']['outside_int']);
+ $shaper_queue = "-q {$upq}def ";
+ }
+ } else {
+ $shaper_queue = "";
+ }
+ $after_filter_configure_run[] = "/usr/local/sbin/pftpx {$shaper_queue}-f {$target} -b {$external_address} -c 21 -g 21";
+ }
+ $dontinstallrdr = true;
+ }
+ }
+
+ if($extaddr == "")
+ $dontinstallrdr = true;
+
+ $rdr_on = convert_real_interface_to_friendly_descr($rule['interface']);
+
+ if($dontinstallrdr == false) {
+ /* is rule a port range? */
+ if ((!$extport[1]) || ($extport[0] == $extport[1])) {
+
+ switch ($rule['protocol']) {
+ case "tcp/udp":
+ if($natif) {
+ if($rule['external-port'] <> $rule['local-port'])
+ $natrules .= "{$nordr}rdr on $natif proto { tcp udp } from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}";
+ else
+ $natrules .= "{$nordr}rdr on $natif proto { tcp udp } from any to {$extaddr} port { {$extport[0]} } -> {$target}";
+ }
+ break;
+ case "udp":
+ case "tcp":
+ if($extport[0])
+ if($natif) {
+ if($rule['external-port'] <> $rule['local-port'])
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}";
+ else
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port { {$extport[0]} } -> {$target}";
+ }
+ else
+ if($natif)
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}{$localport}";
+ break;
+ default:
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}";
+ break;
+ }
+ } else {
+ switch ($rule['protocol']) {
+ case "tcp/udp":
+ if($natif)
+ $natrules .= "{$nordr}rdr on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target}{$localport}:*";
+ break;
+ case "udp":
+ case "tcp":
+ if($natif)
+ $natrules .= "{$nordr}rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target}{$localport}:*";
+ break;
+ default:
+ if($natif)
+ $natrules .= "{$nordr}rdr on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}";
+ }
+ }
+ }
+
+ /* does this rule redirect back to a internal host?
+ * if so, add some extra goo to help this work.
+ */
+ $rule_friendly_if = convert_friendly_interface_to_real_interface_name($rule['interface']);
+ $rule_interface_ip = find_interface_ip($rule_friendly_if);
+ $rule_interface_subnet = $config['interfaces'][$rule['interface']]['subnet'];
+ $rule_subnet = gen_subnet($rule_interface_ip, $rule_interface_subnet);
+ if($rule['external-address'] == "any" and $rule['interface'] == "lan") {
+ $natrules .= "\n";
+ if($rule_friendly_if)
+ $natrules .= "no nat on {$rule_friendly_if} proto tcp from {$rule_friendly_if} to {$rule_subnet}/{$rule_interface_subnet}\n";
+ if($rule_friendly_if)
+ $natrules .= "nat on {$rule_friendly_if} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$extport[0]} -> {$rule_friendly_if}\n";
+ }
+
+ if(!isset($config['system']['disablenatreflection'])) {
+
+ update_filter_reload_status("Setting up reflection");
+
+ $natrules .= "\n# Reflection redirects\n";
+ foreach ($iflist as $ifent => $ifname) {
+
+ /* do not process interfaces with gateways*/
+ if($config['interfaces'][$ifname]['gateway'] <> "")
+ continue;
+
+ /* do not process interfaces that will end up with gateways */
+ if($config['interfaces'][$ifname]['ipaddr'] == "dhcp" or
+ $config['interfaces'][$ifname]['ipaddr'] == "bigpond" or
+ $config['interfaces'][$ifname]['ipaddr'] == "pppoe" or
+ $config['interfaces'][$ifname]['ipaddr'] == "pptp")
+ continue;
+
+ $ifname_real = convert_friendly_interface_to_real_interface_name($ifname);
+
+ if($extport[1])
+ $range_end = ($extport[1]);
+ else
+ $range_end = ($extport[0]);
+
+ $range_end++;
+
+ if($rule['local-port'])
+ $lrange_start = $rule['local-port'];
+
+ if($range_end - $extport[0] > 500) {
+ $range_end = $extport[0]+1;
+ log_error("Not installing nat reflection rules for a port range > 500");
+ } else {
+ /* only install reflection rules for < 19991 items */
+ if($starting_localhost_port < 19991) {
+ $loc_pt = $lrange_start;
+ for($x=$extport[0]; $x<$range_end; $x++) {
+
+ $xxx = $x;
+
+ /* do not install reflection rules for FTP. This simply
+ * opens up pandoras box.
+ */
+ if($xxx == "21")
+ continue;
+
+ update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");
+
+ $ifname_real = convert_friendly_interface_to_friendly_descr(strtolower($ifname));
+
+ if($config['system']['reflectiontimeout'])
+ $reflectiontimeout = $config['system']['reflectiontimeout'];
+ else
+ $reflectiontimeout = "2000";
+
+ switch($rule['protocol']) {
+
+ case "tcp/udp":
+ $protocol = "{ tcp udp }";
+ $toadd_array = array();
+ if(is_alias($loc_pt)) {
+ $loc_pt_translated = alias_expand_value($loc_pt);
+ if(stristr($loc_pt_translated, " ")) {
+ /* XXX: we should deal with multiple ports */
+ $loc_pt_translated_split = split(" ", $loc_pt_translated);
+ foreach($loc_pt_translated_split as $lpts)
+ $toadd_array[] = $lpts;
+ } else {
+ $toadd_array[] = $loc_pt_translated;
+ }
+ } else {
+ $loc_pt_translated = $loc_pt;
+ $toadd_array[] = $loc_pt_translated;
+ }
+ foreach($toadd_array as $tda){
+ fwrite($inetd_fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -w {$reflectiontimeout} {$target} {$tda}\n");
+ if($ifname_real)
+ $natrules .= "rdr on \${$ifname_real} proto tcp from any to {$extaddr} port { {$xxx} } -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $starting_localhost_port++;
+ fwrite($inetd_fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -u -w {$reflectiontimeout} {$target} {$tda}\n");
+ if($ifname_real)
+ $natrules .= "rdr on \${$ifname_real} proto udp from any to {$extaddr} port { {$xxx} } -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $xxx++;
+ $starting_localhost_port++;
+ }
+ break;
+ case "tcp":
+ case "udp":
+ $protocol = $rule['protocol'];
+ $toadd_array = array();
+ if(is_alias($loc_pt)) {
+ $loc_pt_translated = alias_expand_value($loc_pt);
+ if(stristr($loc_pt_translated, " ")) {
+ /* XXX: we should deal with multiple ports */
+ $loc_pt_translated_split = split(" ", $loc_pt_translated);
+ foreach($loc_pt_translated_split as $lpts)
+ $toadd_array[] = $lpts;
+ } else {
+ $toadd_array[] = $loc_pt_translated;
+ }
+ } else {
+ $loc_pt_translated = $loc_pt;
+ $toadd_array[] = $loc_pt_translated;
+ }
+ foreach($toadd_array as $tda){
+ if($protocol == "udp")
+ $dash_u = "-u ";
+ else
+ $dash_u = "";
+ if($config['system']['reflectiontimeout'])
+ $reflectiontimeout = $config['system']['reflectiontimeout'];
+ else
+ $reflectiontimeout = "2000";
+ fwrite($inetd_fd, "{$starting_localhost_port}\tstream\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc nc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n");
+ if($ifname_real)
+ $natrules .= "rdr on \${$ifname_real} proto {$protocol} from any to {$extaddr} port { {$xxx} } -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $xxx++;
+ $starting_localhost_port++;
+ }
+ break;
+ default:
+ break;
+ }
+ $loc_pt++;
+ if($starting_localhost_port > 19990) {
+ log_error("Not installing nat reflection rules. Maximum 1,000 reached.");
+ $x = $range_end+1;
+ }
+ }
+ }
+ }
+
+ }
+
+ }
+
+ $natrules .= "\n";
+ }
+
+ if(!isset($config['system']['disablenatreflection'])) {
+ fclose($inetd_fd);
+ $helpers = trim(exec("/bin/ps ax | /usr/bin/grep inetd | /usr/bin/grep -v grep | /usr/bin/grep 127"));
+ if(!$helpers)
+ mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
+ else
+ mwexec("/usr/bin/killall -HUP inetd", true);
+
+ }
+ }
+
+ if ($pptpdcfg['mode'] && $pptpdcfg['mode'] != "off") {
+
+ if ($pptpdcfg['mode'] == "server")
+ $pptpdtarget = "127.0.0.1";
+ else if ($pptpdcfg['mode'] == "redir")
+ $pptpdtarget = $pptpdcfg['redir'];
+
+ if ($pptpdcfg['mode'] == "redir") {
+
+ $natrules .= <<<EOD
+
+# PPTP
+rdr on \$wan proto gre from any to any -> $pptpdtarget
+rdr on \$wan proto tcp from any to any port 1723 -> $pptpdtarget
+
+EOD;
+ }
+ }
+
+ if (is_package_installed('squid') && file_exists('/usr/local/pkg/squid.inc')) {
+ require_once('squid.inc');
+ $natrules .= squid_generate_rules('nat');
+ }
+
+ if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
+ require_once('clamav.inc');
+ $natrules .= clamav_generate_rules('nat');
+ }
+
+ if (is_package_installed('frickin') && file_exists('/usr/local/pkg/frickin.inc')) {
+ require_once ('frickin.inc');
+ $natrules .= frickin_generate_rules('nat');
+ }
+
+ if (is_package_installed('siproxd') && file_exists('/usr/local/pkg/sipproxd.inc')) {
+ require_once('sipproxd.inc');
+ $natrules .= siproxd_generate_rules('nat');
+ }
+
+ $natrules .= process_carp_nat_rules();
+
+ $natrules .= "# IMSpector rdr anchor\n";
+ $natrules .= "rdr-anchor \"imspector\"\n";
+
+ $natrules .= "# UPnPd rdr anchor\n";
+ $natrules .= "rdr-anchor \"miniupnpd\"\n";
+
+ return $natrules;
+}
+
+function run_command_return_string($cmd) {
+ global $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "generate_user_filter_rule() being called $mt\n";
+ }
+
+ $fd = popen($cmd, "r");
+ while(!feof($fd)) {
+ $tmp .= fread($fd,49);
+ }
+ fclose($fd);
+ return $tmp;
+}
+
+function generate_user_filter_rule_arr($rule, $ngcounter) {
+ global $config;
+ update_filter_reload_status("Creating filter rules {$rule['descr']} ...");
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "generate_user_filter_rule() being called $mt\n";
+ }
+ $ret = array();
+ $line = generate_user_filter_rule($rule, $ngcounter);
+ $ret['rule'] = $line;
+ $ret['interface'] = $rule['interface'];
+ if ($line[0] != '#') {
+ if($rule['descr'] != "" and $line != "")
+ $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', $rule['descr']) . "\"";
+ else
+ $ret['descr'] = "label \"USER_RULE\"";
+ }
+ $ret['ackq'] = get_ack_queue($rule['interface']);
+
+ return $ret;
+}
+
+function generate_user_filter_rule($rule, $ngcounter) {
+ global $config, $g;
+ global $table_cache;
+ global $schedule_enabled;
+
+ if($config['schedules']) {
+ foreach($config['schedules']['schedule'] as $sched) {
+ $schedule_enabled = true;
+ break;
+ }
+ }
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "generate_user_filter_rule() being called $mt\n";
+ }
+
+ /* Setup cache array if not already existing */
+ if (!isset($table_cache)) {
+ if ($g['debug'])
+ echo "Creating table cache\n";
+ $table_cache = array();
+ }
+
+ update_filter_reload_status("Creating filter rules {$rule['descr']} ...");
+
+ $wancfg = $config['interfaces']['wan'];
+ $lancfg = $config['interfaces']['lan'];
+ $pptpdcfg = $config['pptpd'];
+ $pppoecfg = $config['pppoe'];
+
+ $lanif = $lancfg['if'];
+ $wanif = get_real_wan_interface();
+
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ $int = "";
+
+ $optcfg = array();
+ generate_optcfg_array($optcfg);
+
+ $curwanip = get_current_wan_address();
+
+ /* don't include disabled rules */
+ if (isset($rule['disabled'])) {
+ return "# rule " . $rule['descr'] . " disabled ";
+ }
+
+ $pptpdcfg = $config['pptpd'];
+ $pppoecfg = $config['pppoe'];
+
+ if ($pptpdcfg['mode'] == "server") {
+ $pptpip = $pptpdcfg['localip'];
+ $pptpsa = $pptpdcfg['remoteip'];
+ $pptpsn = $g['pptp_subnet'];
+ if($config['pptp']['pptp_subnet'] <> "")
+ $pptpsn = $config['pptp']['pptp_subnet'];
+ }
+
+ if ($pppoecfg['mode'] == "server") {
+ $pppoeip = $pppoecfg['localip'];
+ $pppoesa = $pppoecfg['remoteip'];
+ $pppoesn = $g['pppoe_subnet'];
+ if($config['pppoe']['pppoe_subnet'] <> "")
+ $pppoesn = $config['pppoe']['pppoe_subnet'];
+ }
+
+ /* does the rule deal with a PPTP interface? */
+ if ($rule['interface'] == "pptp") {
+ if ($pptpdcfg['mode'] != "server")
+ return "";
+ $nif = $g['n_pptp_units'];
+ if($config['pptp']['n_pptp_units'] <> "")
+ $nif = $config['pptp']['n_pptp_units'];
+ $ispptp = true;
+ } else if($rule['interface'] == "pppoe") {
+ if ($pppoecfg['mode'] != "server") {
+ return " # Error creating pppoe rule";
+ }
+ $nif = $g['n_pppoe_units'];
+ if($config['pppoe']['n_pppoe_units'] <> "")
+ $nif = $config['pppoe']['n_pppoe_units'];
+ $ispppoe = true;
+ } else if(!isset($rule['interface'])) {
+ return '# Interface empty for rule: '.$rule['descr'];
+ } else {
+
+ /* Check to see if the interface is opt and in our opt list */
+ if (strstr($rule['interface'], "opt")) {
+ if (!array_key_exists($rule['interface'], $optcfg)) {
+ $item = "";
+ foreach($optcfg as $oc) $item .= $oc['if'];
+ return "# {$real_int} {$item} {$rule['interface']} array key does not exist for " . $rule['descr'];
+ }
+ }
+
+ $nif = 1;
+ $ispptp = false;
+ $ispppoe = false;
+ }
+
+ if ($pptpdcfg['mode'] != "server") {
+ if (($rule['source']['network'] == "pptp") ||
+ ($rule['destination']['network'] == "pptp")) {
+ return "# source network or destination network == pptp on " . $rule['descr'];
+ }
+ }
+
+ if ($rule['source']['network'] && strstr($rule['source']['network'], "opt")) {
+ if (!array_key_exists($rule['source']['network'], $optcfg)) {
+ $optmatch = "";
+ if(preg_match("/opt([0-999])/", $rule['source']['network'], $optmatch)) {
+ $real_opt_int = convert_friendly_interface_to_real_interface_name("opt" . $optmatch[1]);
+ $opt_ip = find_interface_ip($real_opt_int);
+ if(!$opt_ip)
+ return "# unresolvable optarray $real_opt_int - $optmatch[0] - $opt_ip";
+ } else {
+ return "# {$rule['source']['network']} !array_key_exists source network " . $rule['descr'];
+ }
+ }
+ }
+ if ($rule['destination']['network'] && strstr($rule['destination']['network'], "opt")) {
+ if (!array_key_exists($rule['destination']['network'], $optcfg)) {
+ if(preg_match("/opt([0-999])/", $rule['destination']['network'], $optmatch)) {
+ $real_opt_int = convert_friendly_interface_to_real_interface_name("opt" . $optmatch[1]);
+ $opt_ip = find_interface_ip($real_opt_int);
+ if(!$opt_ip)
+ return "# unresolvable oparray $real_opt_int - $optmatch[0] - $opt_ip";
+ } else {
+ return "# {$item} {$rule['destination']['network']} !array_key_exists dest network " . $rule['descr'];
+ }
+ }
+ }
+
+ /* check for unresolvable aliases */
+ if ($rule['source']['address'] && !alias_expand($rule['source']['address'])) {
+ file_notice("Filter_Reload", "# unresolvable source aliases {$rule['descr']}");
+ return "# unresolvable source aliases {$rule['descr']}";
+ }
+ if ($rule['destination']['address'] && !alias_expand($rule['destination']['address'])) {
+ file_notice("Filter_Reload", "# unresolvable dest aliases {$rule['descr']}");
+ return "# unresolvable dest aliases {$rule['descr']}";
+ }
+
+ $ifdescrs = array();
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $ifdescrs[] = "opt" . $i;
+
+ update_filter_reload_status("Setting up pass/block rules");
+
+ for ($iif = 0; $iif < $nif; $iif++) {
+
+ $type = $rule['type'];
+
+
+ if ($type != "pass" && $type != "block" && $type != "reject") {
+ /* default (for older rules) is pass */
+ $type = "pass";
+ }
+
+ if ($type == "reject") {
+ /* special reject packet */
+ $aline['type'] = "block return";
+ } else {
+ $aline['type'] = $type;
+ }
+
+ /* ensure the direction is in */
+ $aline['direction'] = " in ";
+
+ if (isset($rule['log']))
+ $aline['log'] = "log ";
+
+ $aline['quick'] = "quick ";
+
+ if ($ispptp) {
+ $aline['interface'] = "on \$pptp ";
+ } else if ($ispppoe) {
+ $aline['interface'] = "on \$pppoe ";
+ } else {
+ // translate wan, man, lan, opt to real interface.
+ $interface = $rule['interface'];
+ $temp = filter_get_opt_interface_descr($interface);
+ if($temp <> "") $interface = $temp;
+ if(isset($rule['destination']['address'])) {
+ $canadd = 0; // XXX: billm - eh? this is a nice little noop
+ /* because pf will not allow a interface for proxyARP
+ type traffic lets check if its in use and if so leave
+ off the interface */
+ if(is_one_to_one_or_server_nat_rule($rule['destination']['address']))
+ $canadd = 0;
+ }
+ if($canadd == 0)
+ $aline['interface'] = "on \$" . convert_real_interface_to_friendly_descr($rule['interface']) . " ";
+ }
+
+
+ /* set the gateway interface */
+ $ri = filter_translate_type_to_real_interface($rule['interface']);
+
+ update_filter_reload_status("Setting up pass/block rules {$rule['descr']}");
+
+ /*
+ * check to see if /tmp/{${ri}_router exists. This file
+ * is created by dhclient for 2nd wan interfaces, etc.
+ * else get gateway from the interface config
+ */
+ if(file_exists("{$g['tmp_path']}/{$ri}_router")) {
+ $rg = file_get_contents("{$g['tmp_path']}/{$ri}_router");
+ $rg = rtrim($rg);
+ } elseif ($config['interfaces'][$rule['interface']]['gateway'] <> "") {
+ $rg = $config['interfaces'][$rule['interface']]['gateway'];
+ }
+
+ /* do not process reply-to for gateway'd rules */
+ if(($rule['gateway'] == "") and ($ri != "") and ($rg != "")) {
+ $aline['reply'] = "reply-to (" . $ri . " " . $rg . ") ";
+ }
+
+ /* if user has selected a custom gateway, lets work with it */
+ if($rule['gateway'] <> "") {
+ $foundlb = 0;
+ $routeto = " route-to { ";
+ if(is_array($config['load_balancer']['lbpool'])) {
+ foreach($config['load_balancer']['lbpool'] as $lb) {
+ update_filter_reload_status("Creating load balancing item...");
+ if($lb['name'] == $rule['gateway']) {
+ $gateway = $rule['gateway'];
+ /*
+ * is $gateway a interface name?
+ * if so, lets find out the gateway address
+ * from /tmp/router_bleh.router
+ */
+ if(in_array($gateway, $ifdescrs)==true) {
+ if(is_file("{$g['tmp_path']}/{$gateway}_router")) {
+ $return_gateway = file_get_contents("{$g['tmp_path']}/{$gateway}_router");
+ } else {
+ log_error("Could not find {$g['tmp_path']}/{$gateway}_router. Needed for dhcp gateway information");
+ continue;
+ }
+ }
+ /* if /tmp/$lbname.pool exists then read in our gateway hints from slbd */
+ if(file_exists("{$g['tmp_path']}/{$lb['name']}.pool")) {
+ $lbs_tmp = split("\n", file_get_contents("{$g['tmp_path']}/{$lb['name']}.pool"));
+ $lbs = array();
+ /* process the entire file to prevent empty lines */
+ foreach($lbs_tmp as $lb_tmp) {
+ if(is_ipaddr($lb_tmp)) {
+ $lbs[] = $lb_tmp;
+ }
+ }
+ $lbs_count = count($lbs);
+ if($g['debug'])
+ log_error("We found $lbs_count valid entries in status file {$g['tmp_path']}/{$lb['name']}.pool");
+
+ if(count($lbs) == 0) {
+ if($g['debug'])
+ log_error("There are no servers found in the status file, using XML config settings!");
+ foreach ($lb['servers'] as $lbsvr) {
+ $lbsvr_split = split("\|", $lbsvr);
+ $lbs[] = $lbsvr_split[1];
+ }
+ }
+ } else {
+ if($g['debug'])
+ log_error("There is no server status file, using XML config settings!");
+ $lbs = array();
+ foreach ($lb['servers'] as $lbsvr) {
+ $lbsvr_split = split("\|", $lbsvr);
+ $lbs[] = $lbsvr_split[1];
+ }
+ }
+ /* If we want failover we only return the first (top) server from the list
+ * and work our way down from there. This way we order the failover order.
+ */
+ if($lb['behaviour'] == "failover") {
+ $firstsrv = $lbs[0];
+ $lbs = array("$firstsrv");
+ }
+
+ /* create server/gateway gateway/monitor array */
+ $l = 0;
+ $lbconfig = array();
+ foreach ($lb['servers'] as $lbsvr) {
+ $lbsvr_split=split("\|", $lbsvr);
+ $lbconfig['gateway'][$l] = $lbsvr_split[0];
+ $lbconfig['monitor'][$l] = $lbsvr_split[1];
+ $l++;
+ }
+ $lbconfig_count = count($lbconfig['gateway']);
+
+ $l = 0;
+ while($l < $lbconfig_count) {
+ /* iterate through $lbs and setup items accordingly */
+ foreach($lbs as $server) {
+ if ($server == "")
+ continue;
+ unset($gateway, $int);
+ if ($lbconfig['monitor'][$l] == $server) {
+ /* determine interface gateway */
+ if(is_ipaddr($lbconfig['gateway'][$l])) {
+ $int = guess_interface_from_ip($lbconfig['gateway'][$l]);
+ $gateway = $lbconfig['gateway'][$l];
+ log_error("SLBD pool {$lb['name']} is old style. Please recreate.");
+ } else if(interface_has_gateway($lbconfig['gateway'][$l])) {
+ $int = convert_friendly_interface_to_real_interface_name($lbconfig['gateway'][$l]);
+ $gateway = get_interface_gateway($lbconfig['gateway'][$l]);
+ }
+ if(($int <> "") && ($gateway <> "")) {
+ if($g['debug'])
+ log_error("Setting up route with {$lbconfig['gateway'][$l]} om $int for monitor {$lbconfig['monitor'][$l]} on gateway $gateway");
+ if($foundlb == 1)
+ $routeto .= ", ";
+ $routeto .= "( {$int} {$gateway} ) ";
+ $foundlb = 1;
+ }
+ /* we have a match, go forth and try the next LB item so we don't setup multiples incorrectly */
+ $l++;
+ continue;
+ }
+ }
+ $l++;
+ }
+ /* If we want failover just use route-to else round-robin */
+ if($lb['behaviour'] == "failover") {
+ $routeto .= "} ";
+ } else {
+ $routeto .= "} round-robin ";
+ if(isset($config['system']['lb_use_sticky']))
+ $routeto .= " sticky-address ";
+ }
+ }
+ }
+ /* Add the load balanced gateways */
+ if ($foundlb == 1)
+ $aline['route'] = $routeto;
+ }
+ /* we're not using load balancing, just setup gateway */
+ if($foundlb == 0) {
+ $gateway = $rule['gateway'];
+ /*
+ * is $gateway a interface name?
+ * if so, lets find out the gateway address
+ * from /tmp/router_bleh.router
+ */
+ if(in_array($gateway, $ifdescrs)==true) {
+ $int=filter_opt_interface_to_real($gateway);
+ if(is_file("{$g['tmp_path']}/{$int}_router")) {
+ $gatewayip = file_get_contents("{$g['tmp_path']}/{$int}_router");
+ $gatewayip = rtrim($gatewayip);
+ if (is_ipaddr($gatewayip)) {
+ if($int)
+ $aline['route'] = " route-to ( {$int} {$gatewayip} ) ";
+ log_error("An error occurred while trying to determine the real interface name for the gateway $gateway");
+ }
+ } else {
+ log_error("Could not find {$g['tmp_path']}/{$int}_router. Needed for dhcp gateway information");
+ continue;
+ }
+ } else {
+ /* user picked a real gateway ip */
+ if(is_ipaddr($rule['gateway'])) {
+ $gatewayip = $rule['gateway'];
+ $int = guess_interface_from_ip($gatewayip);
+ $aline['route'] = " route-to ( " . guess_interface_from_ip($rule['gateway']) . " {$rule['gateway']} ) ";
+ }
+ }
+ }
+ }
+
+ if (isset($rule['protocol'])) {
+ if($rule['protocol'] == "tcp/udp")
+ $aline['prot'] = "proto { tcp udp } ";
+ elseif($rule['protocol'] == "icmp")
+ $aline['prot'] = "inet proto icmp ";
+ else
+ $aline['prot'] = "proto {$rule['protocol']} ";
+ } else {
+ if($rule['source']['port'] <> "" || $rule['destination']['port'] <> "") {
+ $aline['prot'] = "proto tcp ";
+ }
+ }
+
+ update_filter_reload_status("Creating rule {$rule['descr']}");
+
+ /* source address */
+ if (isset($rule['source']['any'])) {
+ $src = "any";
+ } else if ($rule['source']['network']) {
+
+ if (strstr($rule['source']['network'], "opt")) {
+ $src = $optcfg[$rule['source']['network']]['sa'] . "/" .
+ $optcfg[$rule['source']['network']]['sn'];
+ if (isset($rule['source']['not'])) $src = " !{$src}";
+ /* check for opt$NUMip here */
+ $matches = "";
+ if (preg_match("/opt([0-9999])ip/", $rule['source']['network'], $matches)) {
+ $optnum = $matches[1];
+ $real_int = convert_friendly_interface_to_real_interface_name("opt{$optnum}");
+ $src = find_interface_ip($real_int);
+ }
+ } else {
+ switch ($rule['source']['network']) {
+ case 'wanip':
+ $src = $curwanip;
+ break;
+ case 'lanip':
+ $src = $lanip;
+ break;
+ case 'lan':
+ $src = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $src = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $src = "{$pppoesa}/{$pppoesn}";
+ break;
+ }
+ if (isset($rule['source']['not'])) $src = "!{$src}";
+ }
+ } else if ($rule['source']['address']) {
+ $expsrc = alias_expand($rule['source']['address']);
+
+ if (isset($rule['source']['not']))
+ $not = "!";
+ else
+ $not = "";
+
+ if (stristr($expsrc, "$")) {
+ if($not) {
+ $src = "{";
+ foreach(preg_split("/[\s]+/", alias_expand_value($rule['source']['address'])) as $item) {
+ if($item != "") {
+ $src .= " {$not}{$item}";
+ }
+ }
+ /* added support for tables */
+ $src .= " 0/0 }";
+ $src_table = "<not" . $rule['source']['address'] . ">";
+ }
+ else {
+ $src = "{ {$not} " . alias_expand_value($rule['source']['address']) . " } ";
+ $src_table = "<" . $rule['source']['address'] . ">";
+ }
+
+ /* support for tables */
+ $src_table_line = "table $src_table {$src}\n";
+ $src = $src_table;
+ }
+ else
+ $src = "{ {$not} {$expsrc} }";
+ }
+
+ if (!$src || ($src == "/")) {
+ return "# at the break!";
+ }
+
+ $aline['src'] = "from $src ";
+
+ if (in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
+
+ if ($rule['source']['port']) {
+ $srcport = explode("-", $rule['source']['port']);
+ if(alias_expand($srcport[0]))
+ $srcporta = alias_expand($srcport[0]);
+ else
+ $srcporta = $srcport[0];
+ if ((!$srcport[1]) || ($srcport[0] == $srcport[1])) {
+ if(alias_expand($srcport[0]))
+ $aline['srcport'] = "port {$srcporta} ";
+ else
+ $aline['srcport'] = "port = {$srcporta} ";
+ } else if (($srcport[0] == 1) && ($srcport[1] == 65535)) {
+ /* no need for a port statement here */
+ } else if ($srcport[1] == 65535) {
+ $aline['srcport'] = "port >= {$srcport[0]} ";
+ } else if ($srcport[0] == 1) {
+ $aline['srcport']= "port <= {$srcport[1]} ";
+ } else {
+ $srcport[0]--;
+ $srcport[1]++;
+ $aline['srcport'] = "port {$srcport[0]} >< {$srcport[1]} ";
+ }
+ }
+ /* OS signatures */
+ if (($rule['protocol'] == "tcp") && ($rule['os'] <> ""))
+ $aline['os'] = "os {$rule['os']} ";
+
+ }
+
+ /* destination address */
+ if (isset($rule['destination']['any'])) {
+ $dst = "any";
+ } else if ($rule['destination']['network']) {
+
+ if (strstr($rule['destination']['network'], "opt")) {
+ $dst = $optcfg[$rule['destination']['network']]['sa'] . "/" .
+ $optcfg[$rule['destination']['network']]['sn'];
+ /* check for opt$NUMip here */
+ $matches = "";
+ if (preg_match("/opt([0-9999])ip/", $rule['destination']['network'], $matches)) {
+ $optnum = $matches[1];
+ $real_int = convert_friendly_interface_to_real_interface_name("opt{$optnum}");
+ $dst = find_interface_ip($real_int);
+ }
+ if (isset($rule['destination']['not'])) $dst = " !{$dst}";
+ } else {
+ switch ($rule['destination']['network']) {
+ case 'wanip':
+ $dst = $curwanip;
+ break;
+ case 'lanip':
+ $dst = $lanip;
+ break;
+ case 'lan':
+ $dst = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $dst = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $dst = "{$ppoesa}/{$pppoesn}";
+ break;
+ }
+ if (isset($rule['destination']['not'])) $dst = " !{$dst}";
+ }
+ } else if ($rule['destination']['address']) {
+ $expdst = alias_expand($rule['destination']['address']);
+
+ if (isset($rule['destination']['not']))
+ $not = "!";
+ else
+ $not = "";
+
+ if (stristr($expdst, "$")) {
+ if($not) {
+ $dst = "{";
+ foreach(preg_split("/[\s]+/", alias_expand_value($rule['destination']['address'])) as $item) {
+ if($item != "") {
+ $dst .= " {$not}{$item}";
+ }
+ }
+ /* added support for tables */
+ $dst .= " 0/0 }";
+ $dst_table = "<not" . $rule['destination']['address'] . ">";
+ }
+ else {
+ $dst = "{ {$not} " . alias_expand_value($rule['destination']['address']) . " } ";
+ $dst_table = "<" . $rule['destination']['address'] . ">";
+ }
+
+ /* support for tables */
+ $dst_table_line = "table $dst_table {$dst}\n";
+ $dst = $dst_table;
+ }
+ else
+ $dst = "{ {$not} {$expdst} }";
+ }
+
+ if (!$dst || ($dst == "/")) {
+ return "# returning at dst $dst == \"/\"";
+ }
+
+ $aline['dst'] = "to $dst ";
+
+ if (in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
+
+ if ($rule['destination']['port']) {
+ $dstport = explode("-", $rule['destination']['port']);
+ if(alias_expand($dstport[0]))
+ $dstporta = alias_expand($dstport[0]);
+ else
+ $dstporta = $dstport[0];
+ if ((!$dstport[1]) || ($dstport[0] == $dstport[1])) {
+ if(alias_expand($dstport[0]))
+ $aline['dstport'] = "port {$dstporta} ";
+ else
+ $aline['dstport'] = "port = {$dstporta} ";
+ } else if (($dstport[0] == 1) && ($dstport[1] == 65535)) {
+ /* no need for a port statement here */
+ } else if ($dstport[1] == 65535) {
+ $aline['dstport'] = "port >= {$dstport[0]} ";
+ } else if ($dstport[0] == 1) {
+ $aline['dstport'] = "port <= {$dstport[1]} ";
+ } else {
+ $dstport[0]--;
+ $dstport[1]++;
+ $aline['dstport'] = "port {$dstport[0]} >< {$dstport[1]} ";
+ }
+ }
+ }
+
+ if (($rule['protocol'] == "icmp") && $rule['icmptype']) {
+ $aline['icmp-type'] = "icmp-type {$rule['icmptype']} ";
+ }
+
+ if ($type == "pass") {
+
+ if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
+ if($rule['protocol'] == "tcp")
+ $aline['flags'] = "flags S/SA ";
+ /*
+ # keep state
+ works with TCP, UDP, and ICMP.
+ # modulate state
+ works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs)
+ for packets matching this rule.
+ # synproxy state
+ proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods.
+ This option includes the functionality of keep state and modulate state combined.
+ # none
+ do not use state mechanisms to keep track. this is only useful if your doing advanced
+ queueing in certain situations. please check the faq.
+ */
+ $noadvoptions = false;
+ if(isset($rule['statetype']) && $rule['statetype'] <> "") {
+ switch($rule['statetype']) {
+ case "none":
+ $noadvoptions = true;
+ $aline['flags'] = "no state ";
+ break;
+ case "modulate state":
+ case "synproxy state":
+ if($rule['protocol'] == "tcp")
+ $aline['flags'] = "{$rule['statetype']} ";
+ break;
+ default:
+ $aline['flags'] = "{$rule['statetype']} ";
+ }
+ } else {
+ $aline['flags'] = "keep state ";
+ }
+ if($noadvoptions == false)
+ if( isset($rule['source-track']) and $rule['source-track'] <> "" or
+ isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "" or
+ isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "" or
+ isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "" or
+ isset($rule['max-src-states']) and $rule['max-src-states'] <> "" or
+ isset($rule['statetimeout']) and $rule['statetimeout'] <> "") {
+ $aline['flags'] .= "( ";
+ if(isset($rule['source-track']) and $rule['source-track'] <> "")
+ $aline['flags'] .= "source-track rule ";
+ if(isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "")
+ $aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " ";
+ if(isset($rule['max-src-states']) and $rule['max-src-states'] <> "")
+ $aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " ";
+ if(isset($rule['statetimeout']) and $rule['statetimeout'] <> "")
+ $aline['flags'] .= "tcp.established " . $rule['statetimeout'] . " ";
+ if(isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> ""
+ and isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "") {
+ $aline['flags'] .= "max-src-conn-rate " . $rule['max-src-conn-rate'] . " ";
+ $aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
+ }
+ $aline['flags'] .= " ) ";
+ }
+ }
+ if ($type == "reject" && $rule['protocol'] == "tcp") {
+ /* special reject packet */
+ $aline['flags'] .= "flags S/SA ";
+ }
+ }
+
+ /* cache entries */
+ if (isset($src_table))
+ if (isset($table_cache[$src_table])) {
+ if ($g['debug'])
+ echo "{$src_table} found in cache\n";
+ } else {
+ if ($g['debug'])
+ echo "{$src_table} NOT found in cache...adding\n";
+ $table_cache[$src_table] = $src_table_line;
+ }
+ if (isset($dst_table))
+ if (isset($table_cache[$dst_table])) {
+ if ($g['debug'])
+ echo "{$dst_table} found in cache\n";
+ } else {
+ if ($g['debug'])
+ echo "{$dst_table} NOT found in cache...adding\n";
+ $table_cache[$dst_table] = $dst_table_line;
+ }
+
+ /* exception(s) to a user rules can go here. */
+ /* rules with a gateway or pool should create another rule for routing to local networks or vpns */
+ /* we only trigger this for a rule with the destination of any and without a gateway */
+ if (($aline['route'] <> "") && ($aline['type'] == "pass") && ($dst == "any") && (! interface_has_gateway($aline['interface']))) {
+ /* negate VPN/PPTP/PPPoE networks for load balancer rules */
+ $vpns = " to <vpns> ";
+ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['prot'] .
+ $aline['src'] . $aline['srcport'] . $aline['os'] . $vpns . $aline['dstport'].
+ $aline['icmp-type'] . $aline['flags'] .
+ " label \"NEGATE_ROUTE: Negate policy route for local network(s)\"\n";
+ }
+
+ /* piece together the actual user rule */
+ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['reply'] .
+ $aline['route'] . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['os'] . $aline['dst'] .
+ $aline['dstport'] . $aline['icmp-type'] . $aline['flags'];
+
+ /* is a time based rule schedule attached? */
+ if($rule['sched']) {
+ if($config['schedules']) {
+ foreach($config['schedules']['schedule'] as $sched) {
+ if($sched['name'] == $rule['sched'])
+ $schedule_xml_block = $sched;
+ $schedule_enabled = true;
+ }
+ }
+ if($schedule_xml_block)
+ $status = get_time_based_rule_status($schedule_xml_block);
+ if($status) {
+ if($g['debug'])
+ log_error("[TDR DEBUG] status true -- rule type '$type'");
+ if($type == "block") {
+ // active deny rules should deny
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "deny");
+ tdr_install_rule($ipfw_rule);
+ } else {
+ // active allow rules should allow
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "allow");
+ tdr_install_rule($ipfw_rule);
+ }
+ return "$line";
+ } else {
+ /* rule is turned off, if type == pass, deny traffic until
+ * active else allow traffic until active
+ */
+ if($type == "pass") {
+ // inactive pass rules should deny
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "deny");
+ tdr_install_rule($ipfw_rule);
+ } else {
+ // inactive block rules should skipto
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "skipto");
+ tdr_install_rule($ipfw_rule);
+ }
+ return "# $line";
+ }
+ } else {
+ if($schedule_enabled) {
+ // no schedule allow rules should simply allow
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "allow");
+ tdr_install_rule($ipfw_rule);
+ }
+ return $line;
+ }
+}
+
+function filter_rules_generate() {
+ global $config, $g, $table_cache;
+
+ update_filter_reload_status("Creating default rules");
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_rules_generate() being called $mt\n";
+ }
+
+ $wancfg = $config['interfaces']['wan'];
+ $lancfg = $config['interfaces']['lan'];
+ $pptpdcfg = $config['pptpd'];
+ $pppoecfg = $config['pppoe'];
+
+ $lanif = $lancfg['if'];
+ $wanif = get_real_wan_interface();
+
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ $wanip = find_interface_ip(get_real_wan_interface());
+
+ if($lansa)
+ $lansa_sn_combo = "{$lansa}/{$lansn}";
+ else
+ $lansa_sn_combo = "192.168.1.1/32";
+
+ /* optional interfaces */
+ $optcfg = array();
+ generate_optcfg_array($optcfg);
+
+ if (is_package_installed('squid') && file_exists('/usr/local/pkg/squid.inc')) {
+ require_once('squid.inc');
+ $ipfrules .= squid_generate_rules('filter');
+ }
+
+ if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
+ require_once('clamav.inc');
+ $ipfrules .= clamav_generate_rules('filter');
+ }
+
+ if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
+ require_once('clamav.inc');
+ $ipfrules .= clamav_generate_rules('filter');
+ }
+
+ if (is_package_installed('frickin') && file_exists('/usr/local/pkg/frickin.inc')) {
+ require_once ('frickin.inc');
+ $ipfrules .= frickin_generate_rules('filter');
+ }
+
+ if (is_package_installed('siproxd') && file_exists('/usr/local/pkg/sipproxd.inc')) {
+ require_once('sipproxd.inc');
+ $ipfrules .= siproxd_generate_rules('filter');
+ }
+
+ /* if captive portal is enabled, ensure that access to this port
+ * is allowed on a locked down interface
+ */
+ if (isset($config['captiveportal']['enable'])) {
+ $cp_interface = $config['captiveportal']['interface'];
+ $cp_interface_real = convert_friendly_interface_to_real_interface_name($cp_interface);
+ $cp_interface_ip = find_interface_ip($cp_interface_real);
+ if (isset($config['captiveportal']['peruserbw']))
+ mwexec("kldload dummynet");
+ if($cp_interface_ip and $cp_interface_real)
+ $ipfrules .= "pass in quick on {$cp_interface_real} proto tcp from any to {$cp_interface_ip} port { 8000 8001 } keep state\n";
+ }
+
+ /* ftp-sesame */
+ $ipfrules .= "anchor \"ftpsesame/*\" \n";
+
+ # BEGIN OF firewall rules
+ $ipfrules .= "anchor \"firewallrules\"\n";
+
+ if ($pptpdcfg['mode'] == "server") {
+ $pptpip = $pptpdcfg['localip'];
+ $pptpsa = $pptpdcfg['remoteip'];
+ $pptpsn = $g['pptp_subnet'];
+ if($config['pptp']['pptp_subnet'] <> "")
+ $pptpsn = $config['pptp']['pptp_subnet'];
+ }
+
+ if ($pppoecfg['mode'] == "server") {
+ $pppoeip = $pppoecfg['localip'];
+ $pppoesa = $pppoecfg['remoteip'];
+ $pppoesn = $g['pppoe_subnet'];
+ if($config['pppoe']['pppoe_subnet'] <> "")
+ $pppoesn = $config['pppoe']['pppoe_subnet'];
+ }
+
+ /* default block logging? */
+ if (!isset($config['syslog']['nologdefaultblock']))
+ $log = "log";
+ else
+ $log = "";
+
+ $ipfrules .= <<<EOD
+
+# We use the mighty pf, we cannot be fooled.
+block quick proto { tcp, udp } from any port = 0 to any
+block quick proto { tcp, udp } from any to any port = 0
+
+# snort2c
+table <snort2c> persist
+block quick from <snort2c> to any label "Block snort2c hosts"
+block quick from any to <snort2c> label "Block snort2c hosts"
+
+EOD;
+
+ if(!isset($config['system']['ipv6allow'])) {
+ $ipfrules .= "# Block all IPv6\n";
+ $ipfrules .= "block in quick inet6 all\n";
+ $ipfrules .= "block out quick inet6 all\n";
+ }
+
+ $ipfrules .= <<<EOD
+# loopback
+anchor "loopback"
+pass in quick on \$loopback all label "pass loopback"
+pass out quick on \$loopback all label "pass loopback"
+
+# package manager early specific hook
+anchor "packageearly"
+
+
+# carp
+anchor "carp"
+
+EOD;
+
+if($wanip)
+ $ipfrules .= <<<EOD
+
+# permit wan interface to ping out (ping_hosts.sh)
+pass quick proto icmp from {$wanip} to any keep state
+
+EOD;
+
+ $ipfrules .= <<<EOD
+
+# NAT Reflection rules
+
+EOD;
+
+ if (isset($config['nat']['rule'])) {
+ $natrules .= "# NAT Inbound Redirects\n";
+
+ if(!isset($config['system']['disablenatreflection'])) {
+ //$fd = fopen("/var/etc/inetd.conf","w");
+ /* start redirects on port 19000 of localhost */
+ $starting_localhost_port = 18999;
+ }
+
+ foreach ($config['nat']['rule'] as $rule) {
+
+ update_filter_reload_status("Creating NAT rule {$rule['descr']}");
+
+ /* if item is an alias, expand */
+ if(alias_expand($rule['external-port']))
+ $extport[0] = alias_expand_value($rule['external-port']);
+ else
+ $extport = explode("-", $rule['external-port']);
+
+ /* if item is an alias, expand */
+ if(alias_expand($rule['local-port']))
+ $localport = "";
+ else
+ $localport = " port {$rule['local-port']}";
+
+ $target = alias_expand_host($rule['target']);
+
+ if (!$target)
+ continue; /* unresolvable alias */
+
+ if ($rule['external-address'])
+ if($rule['external-address'] <> "any")
+ $extaddr = $rule['external-address'] . "/32";
+ else
+ $extaddr = $rule['external-address'];
+ else
+ $extaddr = get_current_wan_address($rule['interface']);
+
+ if (!$rule['interface'] || ($rule['interface'] == "wan"))
+ $natif = $wanif;
+ else if($rule['interface'] == "\$pptp")
+ $natif = "pptp";
+ else if($rule['interface'] == "\$pppoe")
+ $natif = "pppoe";
+ else
+ $natif = $config['interfaces'][$rule['interface']]['if'];
+
+ $lanif = $lancfg['if'];
+
+ /*
+ * Expand aliases
+ * XXX: may want to integrate this into pf macros
+ */
+ if(alias_expand($target))
+ $target = alias_expand($target);
+ if(alias_expand($extaddr))
+ $extaddr = alias_expand($extaddr);
+
+ if(!isset($config['system']['disablenatreflection'])) {
+
+ /* if list */
+ $iflist = array("lan" => "LAN");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = "opt{$i}";
+
+ foreach ($iflist as $ifent => $ifname) {
+
+ /* do not process interfaces with gateways*/
+ if($config['interfaces'][$ifname]['gateway'] <> "")
+ continue;
+
+ /* do not process interfaces that will end up with gateways */
+ if($config['interfaces'][$ifname]['ipaddr'] == "dhcp" or
+ $config['interfaces'][$ifname]['ipaddr'] == "bigpond" or
+ $config['interfaces'][$ifname]['ipaddr'] == "pppoe" or
+ $config['interfaces'][$ifname]['ipaddr'] == "pptp")
+
+ continue;
+
+ $ifname_real = convert_friendly_interface_to_real_interface_name($ifname);
+
+ if($extport[1])
+ $range_end = ($extport[1]);
+ else
+ $range_end = ($extport[0]);
+
+ $range_end++;
+
+ if($rule['local-port'])
+ $lrange_start = $rule['local-port'];
+
+ if($range_end - $extport[0] > 500) {
+ $range_end = $extport[0]+1;
+ log_error("Not installing nat reflection rules for a port range > 500");
+ } else {
+ /* only install reflection rules for < 19991 items */
+ if($starting_localhost_port < 19991) {
+ $loc_pt = $lrange_start;
+ for($x=$extport[0]; $x<$range_end; $x++) {
+
+ $starting_localhost_port++;
+ $ifname_real = convert_friendly_interface_to_friendly_descr(strtolower($ifname));
+
+ switch($rule['protocol']) {
+ case "tcp/udp":
+ $protocol = "{ tcp udp }";
+ $ipfrules .= "pass in quick on \${$ifname_real} inet proto tcp from any to \$loopback port {$starting_localhost_port} keep state label \"NAT REFLECT: Allow traffic to localhost\"\n";
+ $starting_localhost_port++;
+ $ipfrules .= "pass in quick on \${$ifname_real} inet proto udp from any to \$loopback port {$starting_localhost_port} keep state label \"NAT REFLECT: Allow traffic to localhost\"\n";
+ break;
+ case "tcp":
+ case "udp":
+ $protocol = $rule['protocol'];
+ $ipfrules .= "pass in quick on \${$ifname_real} inet proto {$rule['protocol']} from any to \$loopback port {$starting_localhost_port} keep state label \"NAT REFLECT: Allow traffic to localhost\"\n";
+ break;
+ default:
+ break;
+ }
+ $loc_pt++;
+ if($starting_localhost_port > 19990) {
+ log_error("Not installing nat reflection rules. Maximum 1,000 reached.");
+ $x = $range_end+1;
+ }
+ }
+ }
+ }
+ }
+
+ }
+ }
+ }
+
+ $ipfrules .= <<<EOD
+
+# allow access to DHCP server on LAN
+anchor "dhcpserverlan"
+pass in quick on \$lan proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN"
+pass in quick on \$lan proto udp from any port = 68 to $lanip port = 67 label "allow access to DHCP server on LAN"
+pass out quick on \$lan proto udp from $lanip port = 67 to any port = 68 label "allow access to DHCP server on LAN"
+
+EOD;
+
+ /* allow access to DHCP server on optional interfaces */
+ foreach ($optcfg as $on => $oc) {
+ if ($config[interfaces][$on][ipaddr] == "dhcp" ) {
+ $friendly_on = filter_get_opt_interface_descr($on);
+ $ipfrules .= <<<EOD
+
+# Not installing DHCP server firewall rules for $friendly_on which is configured for DHCP.
+
+EOD;
+ } elseif (isset($config['dhcpd'][$on]['enable']) && (!$oc['bridge']) ||
+ ($oc['bridge'] && isset($config['dhcpd'][$oc['bridge']]['enable']))) {
+
+ $friendly_on = filter_get_opt_interface_descr($on);
+
+ $ipfrules .= <<<EOD
+
+# allow access to DHCP server on {$on}
+anchor "dhcpserver{$friendly_on}"
+pass in quick on \${$friendly_on} proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
+pass in quick on \${$friendly_on} proto udp from any port = 68 to {$oc['ip']} port = 67 label "allow access to DHCP server"
+pass out quick on \${$friendly_on} proto udp from {$oc['ip']} port = 67 to any port = 68 label "allow access to DHCP server"
+
+EOD;
+ }
+ }
+
+ /* pass traffic between statically routed subnets and the subnet on the
+ interface in question to avoid problems with complicated routing
+ topologies */
+ $sa = "";
+ if (isset($config['filter']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
+ $ipfrules .= <<<EOD
+anchor "staticroutes"
+
+EOD;
+ foreach ($config['staticroutes']['route'] as $route) {
+ unset($sa);
+ $friendly_int = convert_friendly_interface_to_friendly_descr($route['interface']);
+ if ($route['interface'] == "lan") {
+ $sa = $lansa;
+ $sn = $lansn;
+ $if = $lanif;
+ $friendly_int = "lan";
+ } else if (strstr($route['interface'], "opt")) {
+ $oc = $optcfg[$route['interface']];
+ if ($oc['ip']) {
+ $sa = $oc['sa'];
+ $sn = $oc['sn'];
+ $if = $oc['if'];
+ }
+ }
+
+ if ($sa) {
+ $ipfrules .= <<<EOD
+pass in quick on \${$friendly_int} from {$sa}/{$sn} to {$route['network']} no state label "pass traffic between statically routed subnets"
+pass in quick on \${$friendly_int} from {$route['network']} to {$sa}/{$sn} no state label "pass traffic between statically routed subnets"
+pass out quick on \${$friendly_int} from {$sa}/{$sn} to {$route['network']} no state label "pass traffic between statically routed subnets"
+pass out quick on \${$friendly_int} from {$route['network']} to {$sa}/{$sn} no state label "pass traffic between statically routed subnets"
+
+EOD;
+ }
+ }
+ }
+
+ /* install wan spoof check rule if lan address exists */
+ if($lansa) {
+ if(!isset($config['interfaces']['wan']['spoofmac'])) {
+ $ipfrules .= <<<EOD
+
+# WAN spoof check
+anchor "wanspoof"
+block in $log quick on \$wan from $lansa/$lansn to any label "WAN spoof check"
+
+EOD;
+
+ }
+ }
+
+ foreach ($optcfg as $oc) {
+ if (!$oc['bridge'])
+ if($oc['sa'] <> "")
+ if(isset($oc['enable']))
+ $ipfrules .= "block in $log quick on \$wan from {$oc['sa']}/{$oc['sn']} to any label \"interface spoof check\"\n";
+ }
+
+ /* allow PPTP traffic if PPTP client is enabled on WAN */
+ if ($wancfg['ipaddr'] == "pptp") {
+ $ipfrules .= <<<EOD
+
+# allow PPTP client
+anchor "pptpclient"
+pass in quick on \$wan proto gre from any to any modulate state label "allow PPTP client"
+pass in quick on \$wan proto gre from any to any modulate state label "allow PPTP client"
+pass in quick on \$wan proto tcp from any port = 1723 to any flags S/SA modulate state label "allow PPTP client"
+pass in quick on \$wan proto tcp from any to any port = 1723 flags S/SA modulate state label "allow PPTP client"
+
+EOD;
+ }
+
+ if ($wancfg['ipaddr'] == "dhcp") {
+
+ $ipfrules .= <<<EOD
+
+# allow our DHCP client out to the WAN
+anchor "wandhcp"
+pass out quick on \$wan proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan"
+
+EOD;
+ }
+
+if($config['interfaces']['lan']['bridge'] <> "wan" and $config['interfaces']['wan']['bridge'] <> "lan")
+ $ipfrules .= "block in $log quick on \$wan proto udp from any port = 67 to {$lansa_sn_combo} port = 68 label \"block dhcp client out wan\"\n";
+
+ $ipfrules .= <<<EOD
+
+# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
+
+EOD;
+
+ /* LAN spoof check */
+ $lanbridge = false;
+ foreach($config['interfaces'] as $int)
+ if($int['bridge'] == "lan")
+ $lanbridge = true;
+ if(!$lanbridge)
+ $ipfrules .= filter_rules_spoofcheck_generate('lan', $lanif, $lansa, $lansn, $log);
+ $wanbridge = false;
+ foreach($config['interfaces'] as $int)
+ if($int['bridge'] == "wan")
+ $lanbridge = true;
+ if($config['interfaces']['lan']['bridge'] == "wan")
+ $wanbridge = true;
+
+ /* OPT spoof check */
+ foreach ($optcfg as $on => $oc) {
+ $isbridged = false;
+ foreach ($optcfg as $on2 => $oc2) {
+ if ($oc2['bridge'] && $oc2['bridge'] == $on) {
+ $isbridged = true;
+ break;
+ }
+ }
+ if ($oc['ip'] && !(($oc['bridge'] || $isbridged) && isset($config['bridge']['filteringbridge'])))
+ $ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'], $oc['sa'], $oc['sn'], $log);
+ }
+
+ $ipfrules .= "\nanchor \"spoofing\"\n";
+
+ /* block private networks on WAN? */
+ if (isset($config['interfaces']['wan']['blockpriv'])) {
+ if($wanbridge == false) {
+ $ipfrules .= <<<EOD
+
+# block anything from private networks on WAN interface
+anchor "spoofing"
+antispoof for \$wan
+block in $log quick on \$wan from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
+block in $log quick on \$wan from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
+block in $log quick on \$wan from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
+block in $log quick on \$wan from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
+
+EOD;
+
+ }
+ }
+
+ /*
+ * Support for allow limiting of TCP connections by establishment rate
+ * Useful for protecting against sudden outburts, etc.
+ */
+ $ipfrules .= <<<EODF
+# Support for allow limiting of TCP connections by establishment rate
+anchor "limitingesr"
+table <virusprot>
+block in quick from <virusprot> to any label "virusprot overload table"
+
+EODF;
+
+ /* block bogon networks on WAN */
+ /* http://www.cymru.com/Documents/bogon-bn-nonagg.txt */
+ /* file is automatically in cron every 3000 minutes */
+ if (isset($config['interfaces']['wan']['blockbogons'])) {
+ $ipfrules .= <<<EOD
+
+# block bogon networks
+# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
+anchor "wanbogons"
+table <bogons> persist file "/etc/bogons"
+block in $log quick on \$wan from <bogons> to any label "block bogon networks from wan"
+
+EOD;
+ }
+
+if (!isset($config['shaper']['enable']) && !is_array($config['shaper']['queue']) and $config['system']['shapertype'] <> "m0n0") {
+
+ $ipfrules .= <<<EOD
+
+# let out anything from the firewall host itself and decrypted IPsec traffic
+pass out quick on \$lan proto icmp keep state label "let out anything from firewall host itself"
+pass out quick on \$wan proto icmp keep state label "let out anything from firewall host itself"
+
+# tcp.closed 5 is a workaround for load balancing, squid and a few other issues.
+# ticket (FEN-857512) in centipede tracker.
+pass out quick on $wanif all keep state ( tcp.closed 5 ) label "let out anything from firewall host itself"
+
+EOD;
+
+}
+
+ $ipfrules .= create_firewall_outgoing_rules_to_itself();
+
+ /* group heads for optional interfaces */
+ foreach ($optcfg as $on => $oc) {
+
+ $friendly_on = convert_friendly_interface_to_friendly_descr($on);
+
+ if($oc['descr'])
+ $friendly_on = $oc['descr'];
+
+ $ipfrules .= <<<EOD
+
+
+# let out anything from the firewall host itself and decrypted IPsec traffic
+pass out quick on {$oc['if']} proto icmp keep state ( tcp.closed 5 ) label "let out anything from firewall host itself"
+pass out quick on \${$friendly_on} all keep state ( tcp.closed 5 ) label "let out anything from firewall host itself"
+
+EOD;
+
+ }
+
+ if($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $ipfrules .= <<<EOD
+# permit wan interface to ping out (ping_hosts.sh)
+pass out quick on ng0 proto icmp keep state ( tcp.closed 5 ) label "let out anything from firewall host itself"
+
+EOD;
+
+ if (!isset($config['system']['webgui']['noantilockout'])) {
+
+ if($lansa and $lansn) {
+
+ $ipfrules .= <<<EOD
+
+# make sure the user cannot lock himself out of the webGUI or SSH
+anchor "anti-lockout"
+pass in quick on $lanif from any to $lanip keep state label "anti-lockout web rule"
+
+EOD;
+ }
+ }
+
+ /* PPTPd enabled? */
+ if ($pptpdcfg['mode'] && ($pptpdcfg['mode'] != "off")) {
+
+ if ($pptpdcfg['mode'] == "server")
+ $pptpdtarget = get_current_wan_address();
+ else
+ $pptpdtarget = $pptpdcfg['redir'];
+
+ if($pptpdtarget) {
+ if(!isset($config['system']['disablevpnrules'])) {
+ $ipfrules .= <<<EOD
+
+# PPTPd rules
+anchor "pptp"
+pass in quick on \$wan proto gre from any to $pptpdtarget keep state label "allow gre pptpd"
+pass in quick on \$wan proto tcp from any to $pptpdtarget port = 1723 modulate state label "allow pptpd {$pptpdtarget}"
+
+EOD;
+ }
+
+ } else {
+ /* this shouldnt ever happen but instead of breaking the clients ruleset
+ * log an error.
+ */
+ log_error("ERROR! PPTP enabled but could not resolve the \$pptpdtarget");
+ }
+ }
+
+ /* BigPond client enabled? */
+ if ($wancfg['ipaddr'] == "bigpond") {
+
+ $ipfrules .= <<<EOD
+
+# BigPond heartbeat rules
+anchor "bigpond"
+pass in quick proto udp from any to any port = 5050 keep state label "BigPond heartbeat"
+
+# package manager late specific hook
+anchor "packagelate"
+
+
+
+EOD;
+ }
+
+ $ipfrules .= "\n# SSH lockout\n";
+ $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n";
+
+ $ipfrules .= "anchor \"ftpproxy\"\n";
+ $ipfrules .= "anchor \"pftpx/*\"\n";
+
+ $ipfrules .= process_carp_rules();
+
+ if (isset($config['filter']['rule'])) {
+ /* Pre-cache all our rules so we only have to generate them once */
+ $rule_arr = array();
+ foreach ($config['filter']['rule'] as $rule) {
+ update_filter_reload_status("Pre-caching {$rule['descr']}...");
+ $line = "";
+ if (!isset($rule['disabled'])) {
+ if ($rule['interface'] == "pptp") {
+ /* we have a pptp rule but its turned off, ignore */
+ if(!$config['pptpd']['mode'] == "server")
+ continue;
+ $n_pptp_units = $g['n_pptp_units'];
+ if($config['pptp']['n_pptp_units'] <> "")
+ $nif = $config['pptp']['n_pptp_units'];
+ /*
+ * now that PPTP server are user rules, detect
+ * that user is setting the pptp server rule
+ * and setup for all netgraph interfaces
+ */
+ $rule_arr[] = generate_user_filter_rule_arr($rule, 0);
+ } else if($rule['interface'] == "pppoe") {
+ if(!$config['pppoe']['mode'] == "server")
+ continue;
+ $n_pppoe_units = $g['n_pppoe_units'];
+ if($config['pppoe']['n_pppoe_units'] <> "")
+ $nif = $config['pppoe']['n_pppoe_units'];
+ /*
+ * now that pppoe server are user rules, detect
+ * that user is setting the pppoe server rule
+ * and setup for all netgraph interfaces
+ */
+ $rule_arr[] = generate_user_filter_rule_arr($rule, 0);
+ } else {
+ $rule_arr[] = generate_user_filter_rule_arr($rule, 0);
+ }
+ }
+ }
+
+ $ipfrules .= "\n# User-defined aliases follow\n";
+ /* tables for aliases */
+ foreach($table_cache as $table) {
+ $ipfrules .= $table;
+ }
+
+ /* Shaper rules */
+ if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue']) && isset($config['filter']['rule']) and $config['system']['shapertype'] <> "m0n0") {
+
+ $ipfrules .= "\n# Anchors for rules that might be matched by queues\n";
+
+ /* This is ugly, but we generate one anchor per queue */
+ foreach ($config['shaper']['queue'] as $queue) {
+ update_filter_reload_status("Creating filter anchor for {$queue['name']} ...");
+ /* Add anchor to rules */
+ $ipfrules .= "anchor {$queue['name']} tagged {$queue['name']}\n";
+ $ipfrules .= "load anchor {$queue['name']} from \"{$g['tmp_path']}/{$queue['name']}.rules\"\n";
+ /* Create rules for anchors */
+ $fd = fopen("{$g['tmp_path']}/{$queue['name']}.rules", "w");
+ /* aliases don't recurse to anchors */
+ $line = filter_generate_aliases();
+ fwrite($fd, $line);
+ foreach($rule_arr as $rule) {
+ if($rule['ackq'] != "")
+ $line = "{$rule['rule']} queue ({$queue['name']}, {$rule['ackq']}) {$rule['descr']}\n";
+ else
+ $line = "{$rule['rule']} queue {$queue['name']} {$rule['descr']}\n";
+ fwrite($fd, $line);
+ }
+ fclose($fd);
+ }
+ }
+
+ $ipfrules .= "\n# User-defined rules follow\n";
+ /* Generate user rule lines */
+ foreach($rule_arr as $rule) {
+ $line = "";
+ if (!isset($rule['disabled'])) {
+ $line = $rule['rule'];
+ if($line <> "") {
+ /* Add default queue if we're using the shaper */
+ if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue']) and $config['system']['shapertype'] <> "m0n0") {
+ $defq = find_default_queue($rule['interface']);
+ $ackq = $rule['ackq'];
+ if (($defq != "") and ($ackq != ""))
+ $line .= " queue ({$defq}, {$ackq}) ";
+ }
+ /* label */
+ $line .= " {$rule['descr']}";
+ }
+ }
+ $line .= "\n";
+ $ipfrules .= $line;
+ }
+ }
+
+ update_filter_reload_status("Creating carp rules...");
+
+ $ipfrules .= "\n# VPN Rules\n";
+ $lan_ip = $config['interfaces']['lan']['ipaddr'];
+ $lan_subnet = $config['interfaces']['lan']['subnet'];
+ $wanif = get_real_wan_interface();
+ $wan_ip = find_interface_ip($wanif);
+ if($wan_ip) {
+ $internal_subnet = gen_subnet($lan_ip, $lan_subnet) . "/" . $config['interfaces']['lan']['subnet'];
+ /* Is IP Compression enabled? */
+ if(isset($config['ipsec']['ipcomp']))
+ exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=1");
+ else
+ exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=0");
+
+ /* build an interface collection */
+ $ifdescrs = array ("wan");
+ for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) {
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ $ifdescrs['opt' . $j] = filter_get_opt_interface_descr("opt" . $j);
+ }
+
+ if(is_array($config['ipsec']['tunnel']) && isset($config['ipsec']['enable'])) {
+ foreach ($config['ipsec']['tunnel'] as $tunnel) {
+ if(isset($tunnel['disabled']))
+ continue;
+ update_filter_reload_status("Creating IPSEC tunnel items {$tunnel['descr']}...");
+ /* if tunnel is disabled, lets skip to next item */
+ $ipsec_ips = array(get_current_wan_address($tunnel['interface']));
+ /* is this a dynamic dns hostname? */
+ if(!is_ipaddr($tunnel['remote-gateway'])) {
+ $remote_gateway = resolve_retry($tunnel['remote-gateway']);
+ } else {
+ $remote_gateway = $tunnel['remote-gateway'];
+ }
+ /* do not add items with blank remote_gateway */
+ if(!is_ipaddr($remote_gateway)) {
+ $ipfrules .= "# ERROR! Remote gateway not found on {$tunnel['remote-gateway']}\n";
+ continue;
+ }
+ $local_subnet = return_vpn_subnet($tunnel['local-subnet']);
+ foreach($ifdescrs as $iface) {
+ foreach($ipsec_ips as $interface_ip) {
+ if($iface == "wan")
+ $interface_ip = find_interface_ip(get_real_wan_interface());
+ else
+ $interface_ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($iface));
+ if(!$interface_ip)
+ continue;
+ if(!$remote_gateway)
+ continue;
+ if(isset($config['system']['disablevpnrules']))
+ continue;
+
+ $shorttunneldescr = substr($tunnel['descr'], 0, 26);
+ $ipfrules .= "pass out quick on \${$iface} proto udp from any to {$remote_gateway} port = 500 keep state label \"IPSEC: {$shorttunneldescr} - outbound isakmp\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to any port = 500 keep state label \"IPSEC: {$shorttunneldescr} - inbound isakmp\"\n";
+ if ($tunnel['p2']['protocol'] == 'esp') {
+ $ipfrules .= "pass out quick on \${$iface} proto esp from any to {$remote_gateway} keep state label \"IPSEC: {$shorttunneldescr} - outbound esp proto\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to any keep state label \"IPSEC: {$shorttunneldescr} - inbound esp proto\"\n";
+ }
+ if ($tunnel['p2']['protocol'] == 'ah') {
+ $ipfrules .= "pass out quick on \${$iface} proto ah from any to {$remote_gateway} keep state label \"IPSEC: {$shorttunneldescr} - outbound ah proto\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to any keep state label \"IPSEC: {$shorttunneldescr} - inbound ah proto\"\n";
+ }
+ }
+ }
+ }
+ }
+
+ /* is mobile ipsec enabled? if so lets allow some pretty
+ * loose rules to allow mobile clients to phone in.
+ */
+ $ipseccfg = $config['ipsec'];
+ if (isset($ipseccfg['mobileclients']['enable'])) {
+ if(!isset($config['system']['disablevpnrules'])) {
+ foreach($ifdescrs as $iface) {
+ $ipfrules .= "pass in quick on \${$iface} proto udp from any to any port = 500 keep state label \"IPSEC: Mobile - inbound isakmp\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto esp from any to any keep state label \"IPSEC: Mobile - inbound esp proto\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto ah from any to any keep state label \"IPSEC: Mobile - inbound ah proto\"\n";
+ }
+ }
+ }
+ }
+ $ipfrules .= <<<EOD
+
+pass in quick on $lanif inet proto tcp from any to \$loopback port 8021 keep state label "FTP PROXY: Allow traffic to localhost"
+pass in quick on $lanif inet proto tcp from any to \$loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"
+pass in quick on $wanif inet proto tcp from port 20 to ($wanif) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
+
+EOD;
+
+ if(!isset($config['system']['disableftpproxy'])) {
+
+ $ipfrules .= "# enable ftp-proxy\n";
+
+ $optcfg = array();
+ generate_optcfg_array($optcfg);
+ $ftp_counter = "8022";
+ foreach($optcfg as $oc) {
+ if(!isset($oc['gateway']) && $oc['if'] <> "") {
+ $ipfrules .= "pass in quick on " . $oc['if'] . " inet proto tcp from any to \$loopback port {$ftp_counter} keep state label \"FTP PROXY: Allow traffic to localhost\"\n";
+ $ipfrules .= "pass in quick on " . $oc['if'] . " inet proto tcp from any to \$loopback port 21 keep state label \"FTP PROXY: Allow traffic to localhost\"\n";
+ }
+ $ftp_counter++;
+ }
+
+ if(isset($config['system']['rfc959workaround'])) {
+ $ipfrules .= <<<EODEOD
+
+# Fix sites that violate RFC 959 which specifies that the data connection
+# be sourced from the command port - 1 (typically port 20)
+# This workaround doesn't expose us to any extra risk as we'll still only allow
+# connections to the firewall on a port that ftp-proxy is listening on
+pass in quick on $wanif inet proto tcp from any to ($wanif) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround"
+
+EODEOD;
+
+ $optcfg = array();
+ generate_optcfg_array($optcfg);
+ foreach($optcfg as $oc) {
+ if($oc['gateway'] <> "")
+ $ipfrules .= "pass in quick on {$oc['if']} inet proto tcp from any to ({$oc['if']}) port > 49000 flags S/SA keep state label \"FTP PROXY: RFC959 violation workaround\" \n";
+ }
+ }
+ }
+
+ $ipfrules .= <<<EOD
+
+# IMSpector
+anchor "imspector"
+
+# uPnPd
+anchor "miniupnpd"
+
+#---------------------------------------------------------------------------
+# default deny rules
+#---------------------------------------------------------------------------
+block in $log quick all label "Default deny rule"
+block out $log quick all label "Default deny rule"
+
+EOD;
+
+ return $ipfrules;
+}
+
+function filter_rules_spoofcheck_generate($ifname, $if, $sa, $sn, $log) {
+
+ global $g, $config;
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_rules_spoofcheck_generate() being called $mt\n";
+ }
+
+ $ipfrules = "antispoof for {$if}\n";
+
+ return $ipfrules;
+
+}
+
+function setup_logging_interfaces() {
+ global $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "setup_logging_interfaces() being called $mt\n";
+ }
+ $rules = "";
+ $i = 0;
+ $ifdescrs = array('wan', 'lan');
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ }
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ /* do not work with tun interfaces */
+ if(stristr(filter_translate_type_to_real_interface($ifname), "tun") == true) continue;
+ $int = filter_translate_type_to_real_interface($ifname);
+ $rules .= "set loginterface {$int}\n";
+ }
+ return $rules;
+}
+
+function create_firewall_outgoing_rules_to_itself() {
+ global $config, $g;
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "create_firewall_outgoing_rules_to_itself() being called $mt\n";
+ }
+
+ $i = 0;
+ $rule .= "# pass traffic from firewall -> out\n";
+ $rule .= "anchor \"firewallout\"\n";
+ $ifdescrs = array('wan', 'lan');
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
+ $ifdescrs['opt' . $j] = "opt" . $j;
+
+ /* go through primary and optional interfaces */
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ $return_gateway = $config['interfaces'][$ifname]['gateway'];
+ $ints = array();
+ $int = filter_translate_type_to_real_interface($ifname);
+ /* if the interface is pppoe, set the ng0 interface */
+ update_filter_reload_status("Creating IPSEC tunnel items {$tunnel['descr']}...");
+ $ip = find_interface_ip($int);
+ if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe")
+ $int = " { " . filter_translate_type_to_real_interface($ifname) . " ng0 } ";
+ if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue']) and $config['system']['shapertype'] <> "m0n0") {
+ $ackq = get_ack_queue($ifname);
+ $defq = find_default_queue($ifname);
+ /* Handle all tagged packets */
+ foreach ($config['shaper']['queue'] as $queue) {
+ if(!filter_is_queue_being_used_on_interface($queue['name'], $ifname, 'out'))
+ continue;
+ if ($ackq == "" || $defq == "") {
+ /* Shaper must not be enabled on this interface */
+ $q = "";
+ } else {
+ $q = "queue ({$queue['name']}, {$ackq})";
+ }
+ $rule .="pass out quick on {$int} all keep state tagged {$queue['name']} {$q} label \"let out anything from firewall host itself\"\n";
+ }
+ /* Handle untagged packets */
+ if ($ackq == "" || $defq == "") {
+ /* Shaper must not be enabled on this interface */
+ $q = "";
+ } else {
+ $q = "queue ({$defq}, {$ackq})";
+ }
+ $rule .="pass out quick on {$int} all keep state {$q} label \"let out anything from firewall host itself\"\n";
+ } else {
+ /* first add a rule for the real interface, then for ng0 */
+ $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
+ }
+ }
+/*
+ update_filter_reload_status("Setting up bridging items");
+ // is bridging turned on?
+ for($x=0; $x<10; $x++) {
+ if(does_interface_exist("bridge{$x}") == true)
+ $rule .="pass out quick on bridge{$x} all keep state label \"let out anything from firewall host itself\"\n";
+ }
+*/
+ update_filter_reload_status("Setting up pptp items");
+ if($config['pptpd']['mode'] == "server")
+ $rule .="pass out quick on \$pptp all keep state label \"let out anything from firewall host itself pptp\"\n";
+
+ update_filter_reload_status("Setting up pppoe items");
+ if($config['pppoe']['mode'] == "server")
+ $rule .="pass out quick on \$pppoe all keep state label \"let out anything from firewall host itself pppoe\"\n";
+
+ update_filter_reload_status("Setting up gif tunnels");
+ /* setup outgoing gif tunnels */
+ $number_of_gifs = find_last_gif_device();
+ $number_of_gifs++;
+ for($x=0; $x<$number_of_gifs; $x++) {
+ if(does_interface_exist("gif{$x}") == true)
+ $rule .="pass out quick on gif{$x} all keep state label \"let out anything from firewall host itself ipsec gif\"\n";
+ }
+
+ update_filter_reload_status("Setting up tun interfaces (openvpn)");
+ /* openvpn tun interfaces. check for 100. */
+ for($x=0; $x<100; $x++) {
+ if(does_interface_exist("tun{$x}") == true) {
+ $rule .="pass out quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+ $friendlytunif = convert_real_interface_to_friendly_interface_name("tun{$x}");
+ /* If the interface has a gateway we do not add a pass in rule. */
+ /* Some people use a TUN tunnel with public IP as a Multiwan interface */
+ if(interface_has_gateway("tun{$x}")) {
+ $rule .= "# Not adding default pass in rule for interface $friendlytunif - tun{$x} with a gateway!\n";
+ } elseif (!isset($config['system']['disablevpnrules'])) {
+ $rule .="pass in quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+ }
+ }
+ }
+ for($x=0; $x<100; $x++) {
+ if(does_interface_exist("tap{$x}") == true) {
+ $rule .="pass out quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+ $friendlytapif = convert_real_interface_to_friendly_interface_name("tap{$x}");
+ /* If the interface has a gateway we do not add a pass in rule. */
+ /* Some people use a TAP tunnel with public IP as a Multiwan interface */
+ if(interface_has_gateway("tap{$x}")) {
+ $rule .= "# Not adding default pass in rule for interface $friendlytapif - tap{$x} with a gateway!\n";
+ } elseif (!isset($config['system']['disablevpnrules'])) {
+ $rule .="pass in quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+ }
+ }
+ }
+
+ /* permit internal ipsec outbound traffic */
+ $rule .="pass out quick on \$enc0 keep state label \"IPSEC internal host to host\"";
+
+ return $rule;
+}
+
+function process_carp_nat_rules() {
+ global $g, $config;
+
+ update_filter_reload_status("Creating CARP NAT rules");
+
+ $wan_interface = get_real_wan_interface();
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "process_carp_nat_rules() being called $mt\n";
+ }
+ $lines = "";
+ if($config['installedpackages']['carp']['config'] != "")
+ foreach($config['installedpackages']['carp']['config'] as $carp) {
+ $ip = $carp['ipaddress'];
+ if($ip <> "any") {
+ $ipnet = "any";
+ } else {
+ $int = find_ip_interface($ip);
+ $carp_int = find_carp_interface($ip);
+ }
+ if($int != false and $int != $wan_interface) {
+ $ipnet = convert_ip_to_network_format($ip, $carp['netmask']);
+ if($int)
+ $lines .= "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n";
+ }
+ }
+ return $lines;
+}
+
+function process_carp_rules() {
+ global $g, $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "process_carp_rules() being called $mt\n";
+ }
+ $lines = "";
+ /* return if there are no carp configured items */
+ if($config['installedpackages']['carpsettings']['config'] <> "" or
+ $config['virtualip']['vip'] <> "") {
+ $lines .= "pass quick proto carp\n";
+ $lines .= "pass quick proto pfsync";
+ }
+ return $lines;
+}
+
+function remove_special_characters($string) {
+ $match_array = "";
+ preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array);
+ $string = "";
+ foreach($match_array[0] as $ma) {
+ if($string <> "")
+ $string .= " ";
+ $string .= $ma;
+ }
+ return $string;
+}
+
+function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
+ global $config, $g;
+
+ if($g['booting'])
+ return;
+
+ update_filter_reload_status("Syncing CARP data to {$url}");
+
+ /* make a copy of config */
+ $config_copy = $config;
+
+ /* strip out nosync items */
+ for ($x = 0; $x < count($config_copy['nat']['advancedoutbound']['rule']); $x++) {
+ if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['advancedoutbound']['rule'][$x]);
+ $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['nat']['rule']); $x++) {
+ if (isset ($config_copy['nat']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['rule'][$x]);
+ $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['filter']['rule']); $x++) {
+ if (isset ($config_copy['filter']['rule'][$x]['nosync']))
+ unset ($config_copy['filter']['rule'][$x]);
+ $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['aliases']['alias']); $x++) {
+ if (isset ($config_copy['aliases']['alias'][$x]['nosync']))
+ unset ($config_copy['aliases']['alias'][$x]);
+ $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['dnsmasq']['hosts']); $x++) {
+ if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync']))
+ unset ($config_copy['dnsmasq']['hosts'][$x]);
+ $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['virtualip']['vip']); $x++) {
+ if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp")
+ unset ($config_copy['virtualip']['vip'][$x]);
+ $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['ipsec']['tunnel']); $x++) {
+ if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync']))
+ unset ($config_copy['ipsec']['tunnel'][$x]);
+ $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
+ }
+
+ foreach($sections as $section) {
+ /* we can't use array_intersect_key()
+ due to the vip 'special case' */
+ if($section != 'virtualip') {
+ $xml[$section] = $config_copy[$section];
+ } else {
+ $xml[$section] = backup_vip_config_section();
+ }
+ }
+
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ $numberofruns = 0;
+ while($numberofruns < 2) {
+ log_error("Beginning XMLRPC sync to {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $username = $config['system']['username'];
+ $cli->setCredentials($username, $password);
+ if($numberofruns == 1)
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "240");
+ if(!$resp) {
+ $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } else {
+ log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
+ $numberofruns = 3;
+ }
+ $numberofruns++;
+ }
+}
+
+function carp_sync_client() {
+
+ global $config, $g;
+
+ update_filter_reload_status("Building CARP sync information");
+
+ if($g['booting'])
+ return;
+
+ if(is_array($config['installedpackages']['carpsettings']['config'])) {
+ foreach($config['installedpackages']['carpsettings']['config'] as $carp) {
+ if($carp['synchronizetoip'] != "" ) {
+ /*
+ * XXX: The way we're finding the port right now is really suboptimal -
+ * we can't assume that the other machine is setup identically.
+ */
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http") {
+ $port = "80";
+ } else {
+ $port = "443";
+ }
+ }
+ $synchronizetoip .= $carp['synchronizetoip'];
+ if($carp['synchronizerules'] != "" and is_array($config['filter'])) {
+ $sections[] = 'filter';
+ }
+ if($carp['synchronizenat'] != "" and is_array($config['nat'])) {
+ $sections[] = 'nat';
+ }
+ if($carp['synchronizealiases'] != "" and is_array($config['aliases'])) {
+ $sections[] = 'aliases';
+ }
+ if($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) {
+ $sections[] = 'dhcpd';
+ }
+ if($carp['synchronizewol'] != "" and is_array($config['wol'])) {
+ $sections[] = 'wol';
+ }
+ if($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper'])) {
+ $sections[] = 'shaper';
+ }
+ if($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes'])) {
+ $sections[] = 'staticroutes';
+ }
+ if($carp['synchronizevirtualip'] != "" and is_array($config['virtualip'])) {
+ $sections[] = 'virtualip';
+ }
+ if($carp['synchronizelb'] != "" and is_array($config['load_balancer'])) {
+ $sections[] = 'load_balancer';
+ }
+ if($carp['synchronizeipsec'] != "" and is_array($config['ipsec'])) {
+ $sections[] = 'ipsec';
+ }
+ if($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) {
+ $sections[] = 'dnsmasq';
+ }
+ if($carp['synchronizeschedules'] != "" and is_array($config['schedules'])) {
+ $sections[] = 'schedules';
+ }
+ if(count($sections) > 0) {
+ update_filter_reload_status("Signaling CARP reload signal...");
+ carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
+ $msg = new XML_RPC_Message('pfsense.filter_configure', array(new XML_RPC_Value($carp['password'], 'string')));
+ $username = $config['system']['username'];
+ $cli->setCredentials($username, $carp['password']);
+ $cli->send($msg, "900");
+ /* signal a carp reload */
+ $msg = new XML_RPC_Message('pfsense.interfaces_carp_configure');
+ $cli->send($msg, "900");
+ }
+ }
+ }
+ }
+
+}
+
+function return_vpn_subnet($adr) {
+ global $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "return_vpn_subnet() being called $mt\n";
+ }
+
+ if ($adr['address']) {
+ list($padr, $pmask) = explode("/", $adr['address']);
+ if (is_null($pmask))
+ return "{$padr}/32";
+ return "{$padr}/{$pmask}";
+ }
+
+ /* XXX: do not return wan, lan, etc */
+ if(strstr($adr['network'], "wan") or strstr($adr['network'], "lan") or strstr($adr['network'], "opt"))
+ return convert_ip_to_network_format($config['interfaces'][$adr['network']]['ipaddr'],
+ $config['interfaces'][$adr['network']]['subnet']);
+
+ /* fallback - error */
+ return " # error - {$adr['network']} ";
+
+}
+
+?>
diff --git a/config/Fit123/bin/cpaddon/services_captiveportal.abc b/config/Fit123/bin/cpaddon/services_captiveportal.abc
new file mode 100755
index 00000000..42f8631f
--- /dev/null
+++ b/config/Fit123/bin/cpaddon/services_captiveportal.abc
@@ -0,0 +1,608 @@
+<?php
+/*
+ services_captiveportal.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = "Services:Captive portal";
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal'])) {
+ $config['captiveportal'] = array();
+ $config['captiveportal']['page'] = array();
+ $config['captiveportal']['timeout'] = 60;
+}
+
+if ($_GET['act'] == "viewhtml") {
+ echo base64_decode($config['captiveportal']['page']['htmltext']);
+ exit;
+} else if ($_GET['act'] == "viewerrhtml") {
+ echo base64_decode($config['captiveportal']['page']['errtext']);
+ exit;
+}
+
+$pconfig['cinterface'] = $config['captiveportal']['interface'];
+$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
+$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
+$pconfig['timeout'] = $config['captiveportal']['timeout'];
+$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
+$pconfig['enable'] = isset($config['captiveportal']['enable']);
+$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
+$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
+$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
+$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
+$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
+$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
+$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
+$pconfig['httpsname'] = strtolower($config['captiveportal']['httpsname']);
+$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
+$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
+$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
+$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
+$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
+$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
+$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
+$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
+$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
+$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
+$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
+$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
+$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
+$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
+$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
+$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
+$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
+
+//$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['enable']) {
+ $reqdfields = explode(" ", "cinterface");
+ $reqdfieldsn = explode(",", "Interface");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ /* make sure no interfaces are bridged */
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $coptif = &$config['interfaces']['opt' . $i];
+ if (isset($coptif['enable']) && $coptif['bridge'] == $pconfig['cinterface']) {
+ $input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged.";
+ break;
+ }
+ }
+
+ if ($_POST['httpslogin_enable']) {
+ if (!$_POST['cert'] || !$_POST['key']) {
+ $input_errors[] = "Certificate and key must be specified for HTTPS login.";
+ } else {
+ if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+ if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "This key does not appear to be valid.";
+ }
+
+ if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) {
+ $input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
+ }
+ }
+ }
+
+ if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) {
+ $input_errors[] = "The timeout must be at least 1 minute.";
+ }
+ if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) {
+ $input_errors[] = "The idle timeout must be at least 1 minute.";
+ }
+ if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
+ $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
+ }
+ if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
+ $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]";
+ }
+ if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
+ }
+ if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]";
+ }
+ if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
+ }
+ if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) {
+ $input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100.";
+ }
+ $mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
+ if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) {
+ $input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum.";
+ }
+
+ if (!$input_errors) {
+ $config['captiveportal']['interface'] = $_POST['cinterface'];
+ $config['captiveportal']['maxproc'] = $_POST['maxproc'];
+ $config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
+ $config['captiveportal']['timeout'] = $_POST['timeout'];
+ $config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
+ $config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
+ $config['captiveportal']['auth_method'] = $_POST['auth_method'];
+ $config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
+ $config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
+ $config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
+ $config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
+ $config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
+ $config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
+ $config['captiveportal']['httpsname'] = $_POST['httpsname'];
+ $config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
+ $config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
+ $config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
+ $config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
+ $config['captiveportal']['private-key'] = base64_encode($_POST['key']);
+ $config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
+ $config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
+ $config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
+ $config['captiveportal']['redirurl'] = $_POST['redirurl'];
+ $config['captiveportal']['radiusip'] = $_POST['radiusip'];
+ $config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
+ $config['captiveportal']['radiusport'] = $_POST['radiusport'];
+ $config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
+ $config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
+ $config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
+ $config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
+ $config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
+ //$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
+
+ /* file upload? */
+ if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
+ $config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
+ if (is_uploaded_file($_FILES['errfile']['tmp_name']))
+ $config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
+
+ write_config();
+
+ $retval = 0;
+
+ config_lock();
+ $retval = captiveportal_configure();
+ config_unlock();
+
+ $savemsg = get_std_save_message($retval);
+ }
+}
+include("head.inc");
+?>
+<?php include("fbegin.inc"); ?>
+<script language="JavaScript">
+<!--
+function enable_change(enable_change) {
+ var endis, radius_endis;
+ endis = !(document.iform.enable.checked || enable_change);
+ radius_endis = !((!endis && document.iform.auth_method[2].checked) || enable_change);
+
+ document.iform.cinterface.disabled = endis;
+ //document.iform.maxproc.disabled = endis;
+ document.iform.maxprocperip.disabled = endis;
+ document.iform.idletimeout.disabled = endis;
+ document.iform.timeout.disabled = endis;
+ document.iform.redirurl.disabled = endis;
+ document.iform.radiusip.disabled = radius_endis;
+ document.iform.radiusip2.disabled = radius_endis;
+ document.iform.radiusport.disabled = radius_endis;
+ document.iform.radiusport2.disabled = radius_endis;
+ document.iform.radiuskey.disabled = radius_endis;
+ document.iform.radiuskey2.disabled = radius_endis;
+ document.iform.radacct_enable.disabled = radius_endis;
+ document.iform.peruserbw.disabled = endis;
+ document.iform.bwdefaultdn.disabled = endis;
+ document.iform.bwdefaultup.disabled = endis;
+ document.iform.reauthenticate.disabled = radius_endis;
+ document.iform.auth_method[0].disabled = endis;
+ document.iform.auth_method[1].disabled = endis;
+ document.iform.auth_method[2].disabled = endis;
+ document.iform.radmac_enable.disabled = radius_endis;
+ document.iform.httpslogin_enable.disabled = endis;
+ document.iform.httpsname.disabled = endis;
+ document.iform.cert.disabled = endis;
+ document.iform.key.disabled = endis;
+ document.iform.logoutwin_enable.disabled = endis;
+ document.iform.nomacfilter.disabled = endis;
+ document.iform.noconcurrentlogins.disabled = endis;
+ document.iform.radiusvendor.disabled = radius_endis;
+ //document.iform.radiussession_timeout.disabled = radius_endis;
+ document.iform.htmlfile.disabled = endis;
+ document.iform.errfile.disabled = endis;
+
+ document.iform.radiusacctport.disabled = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change;
+
+ document.iform.radmac_secret.disabled = (radius_endis || !document.iform.radmac_enable.checked) && !enable_change;
+
+ var reauthenticate_dis = (radius_endis || !document.iform.reauthenticate.checked) && !enable_change;
+ document.iform.reauthenticateacct[0].disabled = reauthenticate_dis;
+ document.iform.reauthenticateacct[1].disabled = reauthenticate_dis;
+ document.iform.reauthenticateacct[2].disabled = reauthenticate_dis;
+}
+//-->
+</script>
+<p class="pgtitle"><?=$pgtitle?></p>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabnavtbl">
+<?php
+ $tab_array = array();
+ $tab_array[] = array("Captive portal", true, "services_captiveportal.php");
+ $tab_array[] = array("Pass-through MAC", false, "services_captiveportal_mac.php");
+ $tab_array[] = array("Allowed IP addresses", false, "services_captiveportal_ip.php");
+ $tab_array[] = array("Users", false, "services_captiveportal_users.php");
+ $tab_array[] = array("File Manager", false, "services_captiveportal_filemanager.php");
+ display_top_tabs($tab_array);
+?> </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vtable">&nbsp;</td>
+ <td width="78%" class="vtable">
+ <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
+ <strong>Enable captive portal </strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="cinterface" class="formfld" id="cinterface">
+ <?php $interfaces = array('lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ if (isset($config['interfaces']['opt' . $i]['enable']))
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['cinterface']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br>
+ <span class="vexpl">Choose which interface to run the captive portal on.</span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Maximum concurrent connections</td>
+ <td class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td><input name="maxprocperip" type="text" class="formfld" id="maxprocperip" size="5" value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> per client IP address (0 = no limit)</td>
+ </tr>
+ </table>
+This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in
+to the captive portal, but rather how many users can load the portal page or authenticate at the same time!
+Default is 4 connections per client IP address, with a total maximum of 16 connections.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Idle timeout</td>
+ <td class="vtable">
+ <input name="idletimeout" type="text" class="formfld" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
+minutes<br>
+Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Hard timeout</td>
+ <td width="78%" class="vtable">
+ <input name="timeout" type="text" class="formfld" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
+ minutes<br>
+ Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Logout popup window</td>
+ <td width="78%" class="vtable">
+ <input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
+ <strong>Enable logout popup window</strong><br>
+ If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Redirection URL</td>
+ <td class="vtable">
+ <input name="redirurl" type="text" class="formfld" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
+ <br>
+If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried
+to access after they've authenticated.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Concurrent user logins</td>
+ <td class="vtable">
+ <input name="noconcurrentlogins" type="checkbox" class="formfld" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
+ <strong>Disable concurrent logins</strong><br>
+ If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">MAC filtering </td>
+ <td class="vtable">
+ <input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
+ <strong>Disable MAC filtering</strong><br>
+ If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in.
+ This is required when the MAC address of the client cannot be determined (usually because there are routers between <?=$g['product_name']; ?> and the clients).
+ If this is enabled, RADIUS MAC authentication cannot be used.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Per-user bandwidth restriction</td>
+ <td class="vtable">
+ <input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
+ <strong>Enable per-user bandwidth restriction</strong><br><br>
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td>Default download</td>
+ <td><input type="text" class="formfld" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> Kbit/s</td>
+ </tr>
+ <tr>
+ <td>Default upload</td>
+ <td><input type="text" class="formfld" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> Kbit/s</td>
+ </tr></table>
+ <br>
+ If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Authentication</td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
+ No authentication</td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
+ Local <a href="services_captiveportal_users.php">user manager</a></td>
+ </tr>
+ <tr>
+ <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
+ RADIUS authentication</td>
+ </tr><tr>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">Primary RADIUS server</td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">IP address</td>
+ <td class="vtable"><input name="radiusip" type="text" class="formfld" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
+ Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.</td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">Port</td>
+ <td class="vtable"><input name="radiusport" type="text" class="formfld" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
+ Leave this field blank to use the default port (1812).</td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">Shared secret&nbsp;&nbsp;</td>
+ <td class="vtable"><input name="radiuskey" type="text" class="formfld" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
+ Leave this field blank to not use a RADIUS shared secret (not recommended).</td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">Secondary RADIUS server</td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">IP address</td>
+ <td class="vtable"><input name="radiusip2" type="text" class="formfld" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
+ If you have a second RADIUS server, you can activate it by entering its IP address here.</td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">Port</td>
+ <td class="vtable"><input name="radiusport2" type="text" class="formfld" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">Shared secret&nbsp;&nbsp;</td>
+ <td class="vtable"><input name="radiuskey2" type="text" class="formfld" id="radiuskey2" size="16" value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">Accounting</td>
+ </tr>
+ <tr>
+ <td class="vncell">&nbsp;</td>
+ <td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
+ <strong>send RADIUS accounting packets</strong><br>
+ If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.</td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">Accounting port</td>
+ <td class="vtable"><input name="radiusacctport" type="text" class="formfld" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
+ Leave blank to use the default port (1813).</td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">Reauthentication</td>
+ </tr>
+ <tr>
+ <td class="vncell">&nbsp;</td>
+ <td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
+ <strong>Reauthenticate connected users every minute</strong><br>
+ If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is
+ logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.</td>
+ </tr>
+ <tr>
+ <td class="vncell" valign="top">Accounting updates</td>
+ <td class="vtable">
+ <input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> no accounting updates<br>
+ <input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> stop/start accounting<br>
+ <input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> interim update
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">RADIUS MAC authentication</td>
+ </tr>
+ <tr>
+ <td class="vncell">&nbsp;</td>
+ <td class="vtable">
+ <input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong>Enable RADIUS MAC authentication</strong><br>
+ If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password
+ entered below to the RADIUS server.</td>
+ </tr>
+ <tr>
+ <td class="vncell">Shared secret</td>
+ <td class="vtable"><input name="radmac_secret" type="text" class="formfld" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="optsect_t2">RADIUS options</td>
+ </tr>
+
+ <!--
+ <tr>
+ <td class="vncell" valign="top">Session-Timeout</td>
+ <td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong>Use RADIUS Session-Timeout attributes</strong><br>
+ When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.</td>
+ </tr>
+ -->
+
+ <tr>
+ <td class="vncell" valign="top">Type</td>
+ <td class="vtable"><select name="radiusvendor" id="radiusvendor">
+ <option>default</option>
+ <?php
+ $radiusvendors = array("cisco");
+ foreach ($radiusvendors as $radiusvendor){
+ if ($pconfig['radiusvendor'] == $radiusvendor)
+ echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
+ else
+ echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
+ }
+ ?></select><br>
+ If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and
+ the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name'];?>'s WAN IP address.</td>
+ </tr>
+ </table>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">HTTPS login</td>
+ <td class="vtable">
+ <input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
+ <strong>Enable HTTPS login</strong><br>
+ If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">HTTPS server name </td>
+ <td class="vtable">
+ <input name="httpsname" type="text" class="formfld" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
+ This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on <?=$g['product_name'];?>.. </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">HTTPS certificate</td>
+ <td class="vtable">
+ <textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
+ <br>
+ Paste a signed certificate in X.509 PEM format here.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">HTTPS private key</td>
+ <td class="vtable">
+ <textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
+ <br>
+ Paste an RSA private key in PEM format here.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Portal page contents</td>
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld" id="htmlfile"><br>
+ <?php
+ list($host) = explode(":", $_SERVER['HTTP_HOST']);
+ if(isset($config['captiveportal']['httpslogin'])) {
+ $href = "https://$host:8001";
+ } else {
+ $href = "http://$host:8000";
+ }
+ ?>
+ <?php if ($config['captiveportal']['page']['htmltext']): ?>
+ <a href="<?=$href?>" target="_new">View current page</a>
+ <br>
+ <br>
+ <?php endif; ?>
+ Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to &quot;$PORTAL_ACTION$&quot;)
+with a submit button (name=&quot;accept&quot;) and a hidden field with name=&quot;redirurl&quot; and value=&quot;$PORTAL_REDIRURL$&quot;.
+Include the &quot;auth_user&quot; and &quot;auth_pass&quot; input fields if authentication is enabled, otherwise it will always fail.
+Example code for the form:<br>
+ <br>
+ <tt>&lt;form method=&quot;post&quot; action=&quot;$PORTAL_ACTION$&quot;&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;input name=&quot;auth_user&quot; type=&quot;text&quot;&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;input name=&quot;auth_pass&quot; type=&quot;password&quot;&gt;<br>
+ &nbsp;&nbsp;&nbsp;&lt;input name=&quot;redirurl&quot; type=&quot;hidden&quot; value=&quot;$PORTAL_REDIRURL$&quot;&gt;<br>
+&nbsp;&nbsp;&nbsp;&lt;input name=&quot;accept&quot; type=&quot;submit&quot; value=&quot;Continue&quot;&gt;<br>
+ &lt;/form&gt;</tt></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Authentication<br>
+ error page<br>
+ contents</td>
+ <td class="vtable">
+ <input name="errfile" type="file" class="formfld" id="errfile"><br>
+ <?php if ($config['captiveportal']['page']['errtext']): ?>
+ <a href="?act=viewerrhtml" target="_blank">View current page</a>
+ <br>
+ <br>
+ <?php endif; ?>
+The contents of the HTML file that you upload here are displayed when an authentication error occurs.
+You may include &quot;$PORTAL_MESSAGE$&quot;, which will be replaced by the error or reply messages from the RADIUS server, if any.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work. </span></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<script language="JavaScript">
+<!--
+enable_change(false);
+//-->
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/Fit123/fit123.inc b/config/Fit123/fit123.inc
index 646ab65f..30c39b37 100644
--- a/config/Fit123/fit123.inc
+++ b/config/Fit123/fit123.inc
@@ -13,17 +13,20 @@ function Fit123_install_config() {
conf_mount_rw();
config_lock();
exec("cd ..");
+//Adding new themes
+ exec("tar -zxovf /usr/local/pkg/code-red.tar.gz");
+ exec("mv code-red /usr/local/www/themes/code-red");
+ exec("tar -zxovf /usr/local/pkg/pfsense_ng.tar.gz");
+ exec("mv pfsense\ ng /usr/local/www/themes/pfsense\ ng");
//Creating backup directory
exec("mkdir /usr/local/pkg/Fit123");
exec("mkdir /usr/local/pkg/Fit123/backup");
//Copy orignal files to backup dir
//Date
exec("cp /usr/local/www/index.php /usr/local/pkg/Fit123/backup/");
- //Code-Red Nervecenter Theme
- exec("cp /usr/local/www/themes/nervecenter/all.css /usr/local/pkg/Fit123/backup/");
- exec("cp /usr/local/www/themes/nervecenter/images/background.gif /usr/local/pkg/Fit123/backup/");
- exec("cp /usr/local/www/themes/nervecenter/images/footer.png /usr/local/pkg/Fit123/backup/");
- exec("cp /usr/local/www/themes/nervecenter/images/header.png /usr/local/pkg/Fit123/backup/");
+ //Captive Portal Add-On
+ exec("cp /etc/inc/filter.inc /usr/local/pkg/Fit123/backup/");
+ exec("cp /usr/local/www/services_captiveportal.php /usr/local/pkg/Fit123/backup/");
//LTSP network boot Option
exec("cp /etc/inc/services.inc /usr/local/pkg/Fit123/backup/");
exec("cp /usr/local/www/services_dhcp.php /usr/local/pkg/Fit123/backup/");
@@ -33,12 +36,10 @@ function Fit123_install_config() {
//Date
exec("mkdir /usr/local/pkg/Fit123/date");
exec("fetch -o /usr/local/pkg/Fit123/date/index.php http://www.pfsense.com/packages/config/Fit123/bin/date/index.abc");
- //Code-Red Nervecenter Theme
- exec("mkdir /usr/local/pkg/Fit123/code-red");
- exec("fetch -o /usr/local/pkg/Fit123/code-red/ http://www.pfsense.com/packages/config/Fit123/bin/code-red/all.css");
- exec("fetch -o /usr/local/pkg/Fit123/code-red/ http://www.pfsense.com/packages/config/Fit123/bin/code-red/background.gif");
- exec("fetch -o /usr/local/pkg/Fit123/code-red/ http://www.pfsense.com/packages/config/Fit123/bin/code-red/footer.png");
- exec("fetch -o /usr/local/pkg/Fit123/code-red/ http://www.pfsense.com/packages/config/Fit123/bin/code-red/header.png");
+ //Captive Portal Add-On
+ exec("mkdir /usr/local/pkg/Fit123/cpaddon");
+ exec("fetch -o /usr/local/pkg/Fit123/cpaddon/filter.inc http://www.pfsense.com/packages/config/Fit123/bin/cpaddon/filter.inc");
+ exec("fetch -o /usr/local/pkg/Fit123/cpaddon/services_captiveportal.php http://www.pfsense.com/packages/config/Fit123/bin/cpaddon/services_captiveportal.abc");
//LTSP 3th network boot Option
exec("mkdir /usr/local/pkg/Fit123/LTSP");
exec("fetch -o /usr/local/pkg/Fit123/LTSP/ http://www.pfsense.com/packages/config/Fit123/bin/ltsp/services.inc");
@@ -65,19 +66,15 @@ global $config;
else
exec("cp /usr/local/pkg/Fit123/backup/index.php /usr/local/www/index.php");
- $codered = $config['installedpackages']['fit123']['config'][0]['codered'];
- if($codered){
- exec("cp /usr/local/pkg/Fit123/code-red/all.css /usr/local/www/themes/nervecenter/all.css");
- exec("cp /usr/local/pkg/Fit123/code-red/background.gif /usr/local/www/themes/nervecenter/images/background.gif");
- exec("cp /usr/local/pkg/Fit123/code-red/footer.png /usr/local/www/themes/nervecenter/images/footer.png");
- exec("cp /usr/local/pkg/Fit123/code-red/header.png /usr/local/www/themes/nervecenter/images/header.png");
+ $cpaddon = $config['installedpackages']['fit123']['config'][0]['cpaddon'];
+ if($cpaddon){
+ exec("cp /usr/local/pkg/Fit123/cpaddon/filter.inc /etc/inc/filter.inc");
+ exec("cp /usr/local/pkg/Fit123/cpaddon/services_captiveportal.php /usr/local/www/services_captiveportal.php");
}
else
{
- exec("cp /usr/local/pkg/Fit123/backup/all.css /usr/local/www/themes/nervecenter/all.css");
- exec("cp /usr/local/pkg/Fit123/backup/background.gif /usr/local/www/themes/nervecenter/images/background.gif");
- exec("cp /usr/local/pkg/Fit123/backup/footer.png /usr/local/www/themes/nervecenter/images/footer.png");
- exec("cp /usr/local/pkg/Fit123/backup/header.png /usr/local/www/themes/nervecenter/images/header.png");
+ exec("cp /usr/local/pkg/Fit123/backup/filter.inc /etc/inc/filter.inc");
+ exec("cp /usr/local/pkg/Fit123/backup/services_captiveportal.php /usr/local/www/services_captiveportal.php");
}
$ltsp = $config['installedpackages']['fit123']['config'][0]['ltsp'];
@@ -93,7 +90,7 @@ global $config;
$afc = $config['installedpackages']['fit123']['config'][0]['afc'];
if($afc)
- $config['system']['afterfilterchangeshellcmd'] = "/usr/local/bin/reset_states.sh";
+ $config['system']['afterfilterchangeshellcmd'] = "/usr/local/pkg/Fit123/afc/reset_states.sh";
else
$config['system']['afterfilterchangeshellcmd'] = "";
diff --git a/config/Fit123/fit123.xml b/config/Fit123/fit123.xml
index 04274234..61b6c0b8 100644
--- a/config/Fit123/fit123.xml
+++ b/config/Fit123/fit123.xml
@@ -37,6 +37,16 @@
<chmod>0644</chmod>
<item>http://www.pfsense.com/packages/config/Fit123/ddns.xml</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/Fit123/bin/theme/code-red.tar.gz</item>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0644</chmod>
+ <item>http://www.pfsense.com/packages/config/Fit123/bin/theme/pfsense_ng.tar.gz</item>
+ </additional_files_needed>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>Date</fielddescr>
@@ -45,9 +55,9 @@
<type>checkbox</type>
</field>
<field>
- <fielddescr>Code-red</fielddescr>
- <fieldname>codered</fieldname>
- <description>Change nervecenter Theme to Code-red</description>
+ <fielddescr>Captive Portal Add-On</fielddescr>
+ <fieldname>cpaddon</fieldname>
+ <description>Add changes outlined in http://forum.pfsense.org/index.php/topic,13844.0.html</description>
<type>checkbox</type>
</field>
<field>
diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index 4f143adb..0af10b31 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -124,7 +124,7 @@ function get_hostnames() {
if ($input_errors)
print_input_errors($input_errors);
if($hostname <> $myhostname)
- print_info_box("Warning! You are currently viewing an alternate hosts backup history ($hostname)");
+ print_info_box("Warning! You are currently viewing an alternate host's backup history ($hostname)");
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td>
<div id="loading">
@@ -204,7 +204,7 @@ function get_hostnames() {
$ondisksha256 = trim(`/sbin/sha256 /tmp/config_restore.xml | awk '{ print $4 }'`);
if($sha256 != "0" && $sha256 != "") // we might not have a sha256 on file for older backups
if($ondisksha256 <> $sha256)
- $input_errors[] = "SHA256 values does not match, cannot restore.";
+ $input_errors[] = "SHA256 values do not match, cannot restore.";
if (curl_errno($curl_session)) {
/* If an error occured, log the error in /tmp/ */
$fd = fopen("/tmp/acb_restoredebug.txt", "w");
@@ -362,7 +362,7 @@ EOF;
if($counter == 0)
echo "<tr><td colspan='3'><center>Sorry, we could not locate any backups at portal.pfsense.org for this hostname ({$hostname}).</td></tr>";
else
- echo "<tr><td colspan='3'><center><br/>Backups hosted currently for this hostname on portalpfsense.org: {$counter}.</td></tr>";
+ echo "<tr><td colspan='3'><center><br/>Backups hosted currently for this hostname on portal.pfsense.org: {$counter}.</td></tr>";
?>
</table>
</div>
diff --git a/config/backup/backup.tmp b/config/backup/backup.tmp
index 86d645d0..546f9c3e 100644
--- a/config/backup/backup.tmp
+++ b/config/backup/backup.tmp
@@ -125,7 +125,7 @@ if ($_GET["savemsg"]) {
<?php
$tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/packages/backup/backup.php");
+ $tab_array[] = array(gettext("Settings"), true, "/packages/backup/backup.php");
display_top_tabs($tab_array);
?>
diff --git a/config/dashboard/dashboard.inc b/config/dashboard/dashboard.inc
index 07f4610c..cc37c8f5 100644
--- a/config/dashboard/dashboard.inc
+++ b/config/dashboard/dashboard.inc
@@ -3,46 +3,28 @@
function dashboard_install() {
global $g, $config;
assign_privs();
- if(!file_exists("/usr/local/www/index.php.before_dashboard")) {
- /* backup the pre-dashboard files */
- mwexec("mv /usr/local/www/index.php /usr/local/www/index.php.before_dashboard");
- mwexec("mv /usr/local/www/fbegin.inc /usr/local/www/fbegin.inc.before_dashboard");
- mwexec("mv /usr/local/www/diag_logs_filter.php /usr/local/www/diag_logs_filter.php.before_dashboard");
- mwexec("mv /usr/local/www/diag_logs_filter_dynamic.php /usr/local/www/diag_logs_filter_dynamic.php.before_dashboard");
- } else {
- /* Move the files, since we do not know what version they are, don't try to keep them. */
- mwexec("mv /usr/local/www/index.php /usr/local/www/index.php.tmp");
- mwexec("mv /usr/local/www/fbegin.inc /usr/local/www/fbegin.inc.tmp");
- mwexec("mv /usr/local/www/diag_logs_filter.php /usr/local/www/diag_logs_filter.php.tmp");
- mwexec("mv /usr/local/www/diag_logs_filter_dynamic.php /usr/local/www/diag_logs_filter_dynamic.php.tmp");
- }
- mwexec("tar xzvpf /usr/local/pkg/widgets.tgz -C /");
- assign_privs();
-}
-function dashboard_deinstall() {
- global $g, $config;
- assign_privs();
- if(file_exists("/usr/local/www/index.php.before_dashboard")) {
- /* restore the files prior to the dashboard package installation */
- mwexec("mv /usr/local/www/index.php.before_dashboard /usr/local/www/index.php");
+ if (file_exists("/usr/local/www/fbegin.inc.before_dashboard"))
mwexec("mv /usr/local/www/fbegin.inc.before_dashboard /usr/local/www/fbegin.inc");
- mwexec("mv /usr/local/www/diag_logs_filter.php.before_dashboard /usr/local/www/diag_logs_filter.php");
- mwexec("mv /usr/local/www/diag_logs_filter_dynamic.php.before_dashboard /usr/local/www/diag_logs_filter_dynamic.php");
- }
+
+ /* Copy, then rm the files for backup. For some odd reason, mv alone does
+ * not always result in the proper file being used. */
+ mwexec("cp /usr/local/www/index.php /usr/local/www/index.php.before_dashboard");
+ mwexec("cp /usr/local/www/diag_logs_filter.php /usr/local/www/diag_logs_filter.php.before_dashboard");
+ mwexec("cp /usr/local/www/diag_logs_filter_dynamic.php /usr/local/www/diag_logs_filter_dynamic.php.before_dashboard");
+
+ mwexec("tar xzvpUf /usr/local/pkg/widgets.tgz -C /");
assign_privs();
}
function assign_privs() {
/* Fix permissions on replaced files */
mwexec("chown root:wheel /usr/local/www/index.php");
- mwexec("chown root:wheel /usr/local/www/fbegin.php");
mwexec("chown root:wheel /usr/local/www/graph_cpu.php");
mwexec("chown root:wheel /usr/local/www/stats.php");
mwexec("chown root:wheel /usr/local/www/diag_logs_filter.php");
mwexec("chown root:wheel /usr/local/www/diag_logs_filter_dynamic.php");
mwexec("chmod ug+rw,o-w /usr/local/www/index.php");
- mwexec("chmod ug+rw,o-w /usr/local/www/fbegin.php");
mwexec("chmod ug+rw,o-w /usr/local/www/graph_cpu.php");
mwexec("chmod ug+rw,o-w /usr/local/www/stats.php");
mwexec("chmod ug+rw,o-w /usr/local/www/diag_logs_filter.php");
diff --git a/config/dashboard/dashboard.xml b/config/dashboard/dashboard.xml
index 3b6de1b0..7a299b47 100644
--- a/config/dashboard/dashboard.xml
+++ b/config/dashboard/dashboard.xml
@@ -7,7 +7,7 @@
/* $Id$ */
/* ========================================================================== */
/*
- authng.xml
+ dashboard.xml
part of pfSense (http://www.pfSense.com)
Copyright (C) 2007 to whom it may belong
All rights reserved.
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>dashboard</name>
- <version>0.7.5.3</version>
+ <version>0.7.6.2</version>
<title>Dashboard</title>
<include_file>/usr/local/pkg/dashboard.inc</include_file>
<additional_files_needed>
@@ -62,7 +62,4 @@
<custom_php_install_command>
dashboard_install();
</custom_php_install_command>
- <custom_php_deinstall_command>
- dashboard_deinstall();
- </custom_php_deinstall_command>
</packagegui>
diff --git a/config/freeswitch/call_forward_has_been_deleted.wav b/config/freeswitch/call_forward_has_been_deleted.wav
new file mode 100644
index 00000000..ebe6ed36
--- /dev/null
+++ b/config/freeswitch/call_forward_has_been_deleted.wav
Binary files differ
diff --git a/config/freeswitch/call_forward_has_been_set.wav b/config/freeswitch/call_forward_has_been_set.wav
new file mode 100644
index 00000000..58262852
--- /dev/null
+++ b/config/freeswitch/call_forward_has_been_set.wav
Binary files differ
diff --git a/config/freeswitch/disa.js b/config/freeswitch/disa.js
new file mode 100644
index 00000000..5cff6424
--- /dev/null
+++ b/config/freeswitch/disa.js
@@ -0,0 +1,78 @@
+include("/usr/local/freeswitch/scripts/config.js");
+
+ //var admin_pin = ""; //don't require a pin
+ //if you choose not to require a pin then then you may want to add a dialplan condition for a specific caller id
+ var predefined_destination = ""; //example: 9999
+ //predefined_destination leave empty in most cases
+ //Use this to define a single destination
+ var digitmaxlength = 0;
+ var timeoutpin = 7500;
+ var timeouttransfer = 7500;
+
+ function mycb( session, type, obj, arg ) {
+ try {
+ if ( type == "dtmf" ) {
+ console_log( "info", "digit: "+obj.digit+"\n" );
+ if ( obj.digit == "#" ) {
+ //console_log( "info", "detected pound sign.\n" );
+ exit = true;
+ return( false );
+ }
+
+ dtmf.digits += obj.digit;
+
+ if ( dtmf.digits.length >= digitmaxlength ) {
+ exit = true;
+ return( false );
+ }
+ }
+ } catch (e) {
+ console_log( "err", e+"\n" );
+ }
+ return( true );
+ } //end function mycb
+
+
+ //console_log( "info", "DISA Request\n" );
+
+ var dtmf = new Object( );
+ dtmf.digits = "";
+
+ if ( session.ready( ) ) {
+ session.answer( );
+
+ if (admin_pin.length > 0) {
+ digitmaxlength = 6;
+ session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/please_enter_the_pin_number.wav", mycb, "dtmf");
+ session.collectInput( mycb, dtmf, timeoutpin );
+ //console_log( "info", "DISA pin: " + dtmf.digits + "\n" );
+ }
+
+ if (dtmf.digits == admin_pin || admin_pin.length == 0) {
+
+ //console_log( "info", "DISA pin is correct\n" );
+
+ us_ring = session.getVariable("us-ring");
+ session.execute("set", "ringback="+us_ring); //set to ringtone
+ session.execute("set", "transfer_ringback="+us_ring); //set to ringtone
+ session.execute("set", "hangup_after_bridge=true");
+
+ if (predefined_destination.length == 0) {
+ dtmf.digits = ""; //clear dtmf digits to prepare for next dtmf request
+ digitmaxlength = 11;
+ session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/please_enter_the_phone_number.wav", mycb, "dtmf");
+ session.collectInput( mycb, dtmf, timeouttransfer );
+ console_log( "info", "DISA Transfer: " + dtmf.digits + "\n" );
+ session.execute("transfer", dtmf.digits + " XML default");
+ }
+ else {
+ session.execute("transfer", predefined_destination + " XML default");
+ }
+
+ }
+ else {
+ session.streamFile( "/usr/local/freeswitch/sounds/custom/8000/your_pin_number_is_incorect_goodbye.wav", mycb, "dtmf");
+ console_log( "info", "DISA Pin: " + dtmf.digits + " is incorrect\n" );
+ }
+
+ }
diff --git a/config/freeswitch/freeswitch.inc b/config/freeswitch/freeswitch.inc
index 4222d27a..4e0ab1ab 100755..100644
--- a/config/freeswitch/freeswitch.inc
+++ b/config/freeswitch/freeswitch.inc
@@ -6,12 +6,10 @@
freeswitch.inc
Copyright (C) 2008 Mark J Crane
All rights reserved.
-
+
FreeSWITCH (TM)
http://www.freeswitch.org/
- */
-/* ========================================================================== */
-/*
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -34,6 +32,73 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+function build_menu() {
+
+ //$script_name_array = split ("/", $_SERVER["SCRIPT_NAME"]);
+ //$script_name = $script_name_array[count($script_name_array)-1];
+ //echo "script_name: ".$script_name."<br />";
+
+ $tab_array = array();
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/pkg_edit.php?xml=freeswitch.xml&amp;id=0") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Settings"), $menu_selected, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
+ unset($menu_selected);
+
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_dialplan_includes.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_dialplan.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_dialplan_includes_edit.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_dialplan_includes_details_edit.php") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Dialplan"), $menu_selected, "/packages/freeswitch/freeswitch_dialplan_includes.php");
+ unset($menu_selected);
+
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_extensions.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_extensions_edit.php") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Extensions"), $menu_selected, "/packages/freeswitch/freeswitch_extensions.php");
+ unset($menu_selected);
+
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_features.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_ivr.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_ivr_edit.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_ivr_options_edit.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_recordings.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_recordings_edit.php") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Features"), $menu_selected, "/packages/freeswitch/freeswitch_features.php");
+ unset($menu_selected);
+
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_gateways.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_gateways_edit.php") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Gateways"), $menu_selected, "/packages/freeswitch/freeswitch_gateways.php");
+ unset($menu_selected);
+
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_profiles.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_profile_edit.php") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Profiles"), $menu_selected, "/packages/freeswitch/freeswitch_profiles.php");
+ unset($menu_selected);
+
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_public_includes.php") { $menu_selected = true; }
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_public.php") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Public"), $menu_selected, "/packages/freeswitch/freeswitch_public_includes.php");
+ unset($menu_selected);
+
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_status.php") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Status"), $menu_selected, "/packages/freeswitch/freeswitch_status.php");
+ unset($menu_selected);
+
+ $menu_selected = false;
+ if ($_SERVER["SCRIPT_NAME"] == "/packages/freeswitch/freeswitch_vars.php") { $menu_selected = true; }
+ $tab_array[] = array(gettext("Vars"), $menu_selected, "/packages/freeswitch/freeswitch_vars.php");
+ unset($menu_selected);
+
+ return $tab_array;
+}
+
function guid()
{
@@ -56,7 +121,7 @@ function guid()
//echo guid();
-function pkg_is_service_running($servicename)
+function pkg_is_service_running($servicename)
{
exec("/bin/ps ax | awk '{ print $5 }'", $psout);
array_shift($psout);
@@ -72,10 +137,10 @@ function pkg_is_service_running($servicename)
}
-function event_socket_create($host, $port, $password)
+function event_socket_create($host, $port, $password)
{
//$host has been deprecated
-
+
//build the interface list
$i = 0; $ifdescrs = array('wan' => 'WAN', 'lan' => 'LAN');
for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
@@ -86,15 +151,15 @@ function event_socket_create($host, $port, $password)
foreach ($ifdescrs as $ifdescr => $ifname){
$ifinfo = get_interface_info($ifdescr);
$interface_ip_address = $ifinfo['ipaddr'];
-
+
if (strlen($interface_ip_address) > 0) {
$fp = fsockopen($interface_ip_address, $port, $errno, $errdesc, 3);
socket_set_blocking($fp,false);
-
+
if (!$fp) {
- //connection failed continue through the loop testing other addresses
- //invalid handle
+ //connection failed continue through the loop testing other addresses
+ //invalid handle
}
else {
//connected to the socket return the handle
@@ -107,20 +172,20 @@ function event_socket_create($host, $port, $password)
break;
}
}
- return $fp;
- }
-
+ return $fp;
+ }
+
} //end if interface_ip_address
- } //end foreach
+ } //end foreach
} //end function
-function event_socket_request($fp, $cmd)
+function event_socket_request($fp, $cmd)
{
- if ($fp) {
- fputs($fp, $cmd."\n\n");
+ if ($fp) {
+ fputs($fp, $cmd."\n\n");
usleep(100); //allow time for reponse
-
+
$response = "";
$i = 0;
$contentlength = 0;
@@ -129,7 +194,7 @@ function event_socket_request($fp, $cmd)
if ($contentlength > 0) {
$response .= $buffer;
}
-
+
if ($contentlength == 0) { //if contentlenght is already don't process again
if (strlen(trim($buffer)) > 0) { //run only if buffer has content
$temparray = split(":", trim($buffer));
@@ -138,21 +203,21 @@ function event_socket_request($fp, $cmd)
}
}
}
-
+
usleep(100); //allow time for reponse
-
+
//optional because of script timeout //don't let while loop become endless
- if ($i > 10000) { break; }
-
+ if ($i > 10000) { break; }
+
if ($contentlength > 0) { //is contentlength set
//stop reading if all content has been read.
- if (strlen($response) >= $contentlength) {
+ if (strlen($response) >= $contentlength) {
break;
}
}
$i++;
}
-
+
return $response;
}
else {
@@ -165,7 +230,7 @@ function event_socket_request_cmd($cmd)
{
global $config;
$password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password'];
- $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port'];
+ $port = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_port'];
$host = $config['interfaces']['lan']['ipaddr'];
if (pkg_is_service_running('freeswitch')) {
@@ -188,12 +253,65 @@ function byte_convert( $bytes ) {
return round($bytes/pow($convention,$e),2).' '.$s[$e];
}
+function lan_sip_profile()
+{
+ global $config;
+ //create the LAN profile if it doesn't exist
+ if (!file_exists('/usr/local/freeswitch/conf/sip_profiles/lan.xml')) {
+ $lan_ip = $config['interfaces']['lan']['ipaddr'];
+ if (strlen($lan_ip) > 0) {
+ exec("cp /usr/local/freeswitch/conf/sip_profiles/internal.xml /usr/local/freeswitch/conf/sip_profiles/lan.xml");
+
+ $filename = "/usr/local/freeswitch/conf/sip_profiles/lan.xml";
+ $handle = fopen($filename,"rb");
+ $contents = fread($handle, filesize($filename));
+ fclose($handle);
+
+ $handle = fopen($filename,"w");
+ $contents = str_replace("<profile name=\"internal\">", "<profile name=\"lan\">", $contents);
+ $contents = str_replace("<alias name=\"default\"/>", "", $contents);
+ $contents = str_replace("<X-PRE-PROCESS cmd=\"include\" data=\"internal/*.xml\"/>", "<X-PRE-PROCESS cmd=\"include\" data=\"lan/*.xml\"/>", $contents);
+ $contents = str_replace("<param name=\"rtp-ip\" value=\"\$\${local_ip_v4}\"/>", "<param name=\"rtp-ip\" value=\"".$lan_ip."\"/>", $contents);
+ $contents = str_replace("<param name=\"sip-ip\" value=\"\$\${local_ip_v4}\"/>", "<param name=\"sip-ip\" value=\"".$lan_ip."\"/>", $contents);
+ fwrite($handle, $contents);
+ unset($contents);
+ fclose($handle);
+ unset($filename);
+ }
+ }
+
+}
+
+function ListFiles($dir) {
+
+ if($dh = opendir($dir)) {
+
+ $files = Array();
+ $inner_files = Array();
+
+ while($file = readdir($dh)) {
+ if($file != "." && $file != ".." && $file[0] != '.') {
+ if(is_dir($dir . "/" . $file)) {
+ //$inner_files = ListFiles($dir . "/" . $file); //recursive
+ if(is_array($inner_files)) $files = array_merge($files, $inner_files);
+ } else {
+ array_push($files, $file);
+ //array_push($files, $dir . "/" . $file);
+ }
+ }
+ }
+
+ closedir($dh);
+ return $files;
+ }
+}
+
function recording_js()
{
- global $config;
+ global $config;
$admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin'];
-
+
$fout = fopen("/usr/local/freeswitch/scripts/recordings.js","w");
$tmp = " var pin = \"".$admin_pin."\";\n";
$tmp .= " //var pin = \"\"; //don't require a pin\n";
@@ -254,9 +372,9 @@ function recording_js()
//$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n";
//$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n";
//$tmp .= " session.execute(\"speak\", \"Please enter your pin number now.\");\n";
- $tmp .= " digitmaxlength = 6;\n";
+ $tmp .= " digitmaxlength = 6;\n";
$tmp .= " session.execute(\"set\", \"playback_terminators=#\");\n";
- $tmp .= " session.streamFile( \"/usr/local/freeswitch/recordings/please_enter_your_pin_number.wav\", mycb, \"dtmf\");\n";
+ $tmp .= " session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/please_enter_the_pin_number.wav\", mycb, \"dtmf\");\n";
$tmp .= " session.collectInput( mycb, dtmf, timeoutpin );\n";
$tmp .= " }\n";
$tmp .= "\n";
@@ -265,7 +383,7 @@ function recording_js()
//$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n";
//$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n";
//$tmp .= " session.execute(\"speak\", \"Begin recording.\");\n";
- $tmp .= " session.streamFile( \"/usr/local/freeswitch/recordings/begin_recording.wav\", mycb, \"dtmf\");\n";
+ $tmp .= " session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/begin_recording.wav\", mycb, \"dtmf\");\n";
$tmp .= " session.execute(\"set\", \"playback_terminators=#\");\n";
$tmp .= " session.execute(\"record\", \"/usr/local/freeswitch/recordings/temp\"+Year+Month+Day+Hours+Mins+Seconds+\".wav 180 200\");\n";
$tmp .= " }\n";
@@ -274,7 +392,7 @@ function recording_js()
//$tmp .= " session.execute(\"set\", \"tts_engine=flite\");\n";
//$tmp .= " session.execute(\"set\", \"tts_voice=kal\");\n";
//$tmp .= " session.execute(\"speak\", \"Your pin number is incorect, goodbye.\");\n";
- $tmp .= " session.streamFile( \"/usr/local/freeswitch/recordings/your_pin_number_is_incorect_goodbye.wav\", mycb, \"dtmf\");\n";
+ $tmp .= " session.streamFile( \"/usr/local/freeswitch/sounds/custom/8000/your_pin_number_is_incorect_goodbye.wav\", mycb, \"dtmf\");\n";
$tmp .= " }\n";
$tmp .= " session.hangup();\n";
$tmp .= "\n";
@@ -285,66 +403,89 @@ function recording_js()
}
-
+
function sync_package_freeswitch_settings()
{
- global $config;
+ global $config;
if($config['installedpackages']['freeswitchsettings']['config'] != "") {
-
+
conf_mount_rw();
config_unlock();
foreach($config['installedpackages']['freeswitchsettings']['config'] as $rowhelper) {
- $fout = fopen("/usr/local/freeswitch/conf/directory/default/default.xml","w");
- $tmpxml = "<include>\n";
- $tmpxml .= " <user id=\"default\"> <!--if id is numeric mailbox param is not necessary-->\n";
- $tmpxml .= " <variables>\n";
- $tmpxml .= " <!--all variables here will be set on all inbound calls that originate from this user -->\n";
- $tmpxml .= " <!-- set these to take advantage of a dialplan localized to this user -->\n";
- $tmpxml .= " <variable name=\"numbering_plan\" value=\"" . $rowhelper['numbering_plan'] . "\"/>\n";
- $tmpxml .= " <variable name=\"default_gateway\" value=\"" . $rowhelper['default_gateway'] . "\"/>\n";
- $tmpxml .= " <variable name=\"default_area_code\" value=\"" . $rowhelper['default_area_code'] . "\"/>\n";
- $tmpxml .= " </variables>\n";
- $tmpxml .= " </user>\n";
- $tmpxml .= "</include>\n";
- fwrite($fout, $tmpxml);
- unset($tmpxml);
- fclose($fout);
-
- $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/event_socket.conf.xml","w");
- $tmpxml = "<configuration name=\"event_socket.conf\" description=\"Socket Client\">\n";
- $tmpxml .= " <settings>\n";
- $tmpxml .= " <param name=\"listen-ip\" value=\"0.0.0.0\"/>\n";
- $tmpxml .= " <param name=\"listen-port\" value=\"" . $rowhelper['event_socket_port'] . "\"/>\n";
- $tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['event_socket_password'] . "\"/>\n";
- $tmpxml .= " <!--<param name=\"apply-inbound-acl\" value=\"lan\"/>-->\n";
- $tmpxml .= " </settings>\n";
- $tmpxml .= "</configuration>";
- fwrite($fout, $tmpxml);
- unset($tmpxml, $event_socket_password);
- fclose($fout);
-
- $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/xml_rpc.conf","w");
- $tmpxml = "<configuration name=\"xml_rpc.conf\" description=\"XML RPC\">\n";
- $tmpxml .= " <settings>\n";
- $tmpxml .= " <!-- The port where you want to run the http service (default 8080) -->\n";
- $tmpxml .= " <param name=\"http-port\" value=\"" . $rowhelper['xml_rpc_http_port'] . "\"/>\n";
- $tmpxml .= " <!-- if all 3 of the following params exist all http traffic will require auth -->\n";
- $tmpxml .= " <param name=\"auth-realm\" value=\"" . $rowhelper['xml_rpc_auth_realm'] . "\"/>\n";
- $tmpxml .= " <param name=\"auth-user\" value=\"" . $rowhelper['xml_rpc_auth_user'] . "\"/>\n";
- $tmpxml .= " <param name=\"auth-pass\" value=\"" . $rowhelper['xml_rpc_auth_pass'] . "\"/>\n";
- $tmpxml .= " </settings>\n";
- $tmpxml .= "</configuration>\n";
- fwrite($fout, $tmpxml);
- unset($tmpxml, $event_socket_password);
- fclose($fout);
-
- recording_js();
-
+ $fout = fopen("/usr/local/freeswitch/conf/directory/default/default.xml","w");
+ $tmpxml = "<include>\n";
+ $tmpxml .= " <user id=\"default\"> <!--if id is numeric mailbox param is not necessary-->\n";
+ $tmpxml .= " <variables>\n";
+ $tmpxml .= " <!--all variables here will be set on all inbound calls that originate from this user -->\n";
+ $tmpxml .= " <!-- set these to take advantage of a dialplan localized to this user -->\n";
+ $tmpxml .= " <variable name=\"numbering_plan\" value=\"" . $rowhelper['numbering_plan'] . "\"/>\n";
+ $tmpxml .= " <variable name=\"default_gateway\" value=\"" . $rowhelper['default_gateway'] . "\"/>\n";
+ $tmpxml .= " <variable name=\"default_area_code\" value=\"" . $rowhelper['default_area_code'] . "\"/>\n";
+ $tmpxml .= " </variables>\n";
+ $tmpxml .= " </user>\n";
+ $tmpxml .= "</include>\n";
+ fwrite($fout, $tmpxml);
+ unset($tmpxml);
+ fclose($fout);
+
+ $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/event_socket.conf.xml","w");
+ $tmpxml = "<configuration name=\"event_socket.conf\" description=\"Socket Client\">\n";
+ $tmpxml .= " <settings>\n";
+ $tmpxml .= " <param name=\"listen-ip\" value=\"0.0.0.0\"/>\n";
+ $tmpxml .= " <param name=\"listen-port\" value=\"" . $rowhelper['event_socket_port'] . "\"/>\n";
+ $tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['event_socket_password'] . "\"/>\n";
+ $tmpxml .= " <!--<param name=\"apply-inbound-acl\" value=\"lan\"/>-->\n";
+ $tmpxml .= " </settings>\n";
+ $tmpxml .= "</configuration>";
+ fwrite($fout, $tmpxml);
+ unset($tmpxml, $event_socket_password);
+ fclose($fout);
+
+ $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/xml_rpc.conf","w");
+ $tmpxml = "<configuration name=\"xml_rpc.conf\" description=\"XML RPC\">\n";
+ $tmpxml .= " <settings>\n";
+ $tmpxml .= " <!-- The port where you want to run the http service (default 8080) -->\n";
+ $tmpxml .= " <param name=\"http-port\" value=\"" . $rowhelper['xml_rpc_http_port'] . "\"/>\n";
+ $tmpxml .= " <!-- if all 3 of the following params exist all http traffic will require auth -->\n";
+ $tmpxml .= " <param name=\"auth-realm\" value=\"" . $rowhelper['xml_rpc_auth_realm'] . "\"/>\n";
+ $tmpxml .= " <param name=\"auth-user\" value=\"" . $rowhelper['xml_rpc_auth_user'] . "\"/>\n";
+ $tmpxml .= " <param name=\"auth-pass\" value=\"" . $rowhelper['xml_rpc_auth_pass'] . "\"/>\n";
+ $tmpxml .= " </settings>\n";
+ $tmpxml .= "</configuration>\n";
+ fwrite($fout, $tmpxml);
+ unset($tmpxml);
+ fclose($fout);
+
+ recording_js();
+
+ //shout.conf.xml
+ $fout = fopen("/usr/local/freeswitch/conf/autoload_configs/shout.conf.xml","w");
+ $tmpxml = "<configuration name=\"shout.conf\" description=\"mod shout config\">\n";
+ $tmpxml .= " <settings>\n";
+ $tmpxml .= " <!-- Don't change these unless you are insane -->\n";
+ $tmpxml .= " <param name=\"decoder\" value=\"" . $rowhelper['mod_shout_decoder'] . "\"/>\n";
+ $tmpxml .= " <param name=\"volume\" value=\"" . $rowhelper['mod_shout_volume'] . "\"/>\n";
+ $tmpxml .= " <!--<param name=\"outscale\" value=\"8192\"/>-->\n";
+ $tmpxml .= " </settings>\n";
+ $tmpxml .= "</configuration>";
+ fwrite($fout, $tmpxml);
+ unset($tmpxml);
+ fclose($fout);
+
+ //config.js
+ $admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin'];
+ $fout = fopen("/usr/local/freeswitch/scripts/config.js","w");
+ $tmp = "//javascript include\n\n";
+ $tmp .= "var admin_pin = \"" . $admin_pin . "\";\n";
+ fwrite($fout, $tmp);
+ unset($tmp);
+ fclose($fout);
+
}
-
+
conf_mount_ro();
$cmd = "api reloadxml";
//event_socket_request_cmd($cmd);
@@ -359,12 +500,12 @@ function sync_package_freeswitch_dialplan()
global $config;
conf_mount_rw();
config_unlock();
-
+
if(strlen($config['installedpackages']['freeswitchdialplan']['config'][0]['dialplan_default_xml']) == 0) {
/* dialplan not found in the pfsense config.xml get the default dialplan and save to config.xml. */
$filename = "/usr/local/freeswitch/conf/dialplan/default.xml";
$fout = fopen($filename,"r");
- $tmpxml = fread($fout, filesize($filename));
+ $tmpxml = fread($fout, filesize($filename));
$config['installedpackages']['freeswitchdialplan']['config'][0]['dialplan_default_xml'] = base64_encode($tmpxml);
unset($filename, $dialplan);
fclose($fout);
@@ -389,13 +530,13 @@ function sync_package_freeswitch_dialplan()
function sync_package_freeswitch_extensions()
{
- global $config;
+ global $config;
if($config['installedpackages']['freeswitchextensions']['config'] != "") {
conf_mount_rw();
config_unlock();
- /* delete all old extensions to prepare for new ones */
+ /* delete all old extensions to prepare for new ones */
unlink_if_exists("/usr/local/freeswitch/conf/directory/default/1*.xml");
unlink_if_exists("/usr/local/freeswitch/conf/directory/default/2*.xml");
unlink_if_exists("/usr/local/freeswitch/conf/directory/default/3*.xml");
@@ -411,7 +552,7 @@ function sync_package_freeswitch_extensions()
$fout = fopen("/usr/local/freeswitch/conf/directory/default/".$rowhelper['extension'].".xml","w");
$tmpxml = "<include>\n";
- if (strlen($rowhelper['cidr']) == 0) {
+ if (strlen($rowhelper['cidr']) == 0) {
$tmpxml .= " <user id=\"" . $rowhelper['extension'] . "\" mailbox=\"" . $rowhelper['mailbox'] . "\">\n";
}
else {
@@ -422,7 +563,7 @@ function sync_package_freeswitch_extensions()
$tmpxml .= " <param name=\"vm-password\" value=\"" . $rowhelper['vm-password'] . "\"/>\n";
if (strlen($rowhelper['vm-mailto']) > 0) {
$tmpxml .= " <param name=\"vm-email-all-messages\" value=\"true\"/>\n";
-
+
switch ($rowhelper['vm-attach-file']) {
case "true":
$tmpxml .= " <param name=\"vm-attach-file\" value=\"true\"/>\n";
@@ -436,8 +577,8 @@ function sync_package_freeswitch_extensions()
$tmpxml .= " <param name=\"vm-mailto\" value=\"" . $rowhelper['vm-mailto'] . "\"/>\n";
}
- if (strlen($rowhelper['auth-acl']) > 0) {
- $tmpxml .= " <param name=\"auth-acl\" value=\"" . $rowhelper['auth-acl'] . "\"/>\n";
+ if (strlen($rowhelper['auth-acl']) > 0) {
+ $tmpxml .= " <param name=\"auth-acl\" value=\"" . $rowhelper['auth-acl'] . "\"/>\n";
}
$tmpxml .= " </params>\n";
$tmpxml .= " <variables>\n";
@@ -459,26 +600,26 @@ function sync_package_freeswitch_extensions()
unset($tmpxml);
fclose($fout);
}
-
+
conf_mount_ro();
$cmd = "api reloadxml";
//event_socket_request_cmd($cmd);
unset($cmd);
- }
+ }
}
function sync_package_freeswitch_gateways()
{
- global $config;
+ global $config;
if($config['installedpackages']['freeswitchgateways']['config'] != "") {
-
+
conf_mount_rw();
config_unlock();
- /* delete all old gateways to prepare for new ones */
+ /* delete all old gateways to prepare for new ones */
unlink_if_exists("/usr/local/freeswitch/conf/sip_profiles/external/*.xml");
foreach($config['installedpackages']['freeswitchgateways']['config'] as $rowhelper) {
@@ -493,7 +634,7 @@ function sync_package_freeswitch_gateways()
}
if (strlen($rowhelper['password']) > 0) {
$tmpxml .= " <param name=\"password\" value=\"" . $rowhelper['password'] . "\"/>\n";
- }
+ }
if (strlen($rowhelper['realm']) > 0) {
$tmpxml .= " <param name=\"realm\" value=\"" . $rowhelper['realm'] . "\"/>\n";
}
@@ -512,9 +653,24 @@ function sync_package_freeswitch_gateways()
if (strlen($rowhelper['register']) > 0) {
$tmpxml .= " <param name=\"register\" value=\"" . $rowhelper['register'] . "\"/>\n";
}
+
if (strlen($rowhelper['register-transport']) > 0) {
- $tmpxml .= " <param name=\"register-transport\" value=\"" . $rowhelper['register-transport'] . "\"/>\n";
- }
+ switch ($rowhelper['register-transport']) {
+ case "udp":
+ $tmpxml .= " <param name=\"register-transport\" value=\"udp\"/>\n";
+ break;
+ case "tcp":
+ $tmpxml .= " <param name=\"register-transport\" value=\"tcp\"/>\n";
+ break;
+ case "tls":
+ $tmpxml .= " <param name=\"register-transport\" value=\"tls\"/>\n";
+ $tmpxml .= " <param name=\"contact-params\" value=\"transport=tls\"/>\n";
+ break;
+ default:
+ $tmpxml .= " <param name=\"register-transport\" value=\"" . $rowhelper['register-transport'] . "\"/>\n";
+ }
+ }
+
if (strlen($rowhelper['retry-seconds']) > 0) {
$tmpxml .= " <param name=\"retry-seconds\" value=\"" . $rowhelper['retry-seconds'] . "\"/>\n";
}
@@ -529,38 +685,38 @@ function sync_package_freeswitch_gateways()
}
if (strlen($rowhelper['supress-cng']) > 0) {
$tmpxml .= " <param name=\"context\" value=\"" . $rowhelper['context'] . "\"/>\n";
- }
+ }
$tmpxml .= " </gateway>\n";
$tmpxml .= "</include>";
-
+
fwrite($fout, $tmpxml);
unset($tmpxml);
fclose($fout);
- }
-
+ }
+
}
-
+
conf_mount_ro();
$cmd = "api sofia profile external restart reloadxml";
//event_socket_request_cmd($cmd);
unset($cmd);
-
+
}
-
+
}
function sync_package_freeswitch_modules()
{
-
+
global $config;
conf_mount_rw();
config_unlock();
foreach($config['installedpackages']['freeswitchmodules']['config'] as $rowhelper) {
$fout = fopen("/usr/local/freeswitch/conf/autoload_configs/modules.conf.xml","w");
-
+
$tmpxml ="";
$tmpxml .= "<configuration name=\"modules.conf\" description=\"Modules\">\n";
$tmpxml .= " <modules>\n";
@@ -682,12 +838,12 @@ function sync_package_freeswitch_public()
global $config;
conf_mount_rw();
config_unlock();
-
+
if(strlen($config['installedpackages']['freeswitchpublic']['config'][0]['public_xml']) == 0) {
/* dialplan_public_xml not found in the pfsense config.xml get the default public.xml and save to config.xml. */
$filename = "/usr/local/freeswitch/conf/dialplan/public.xml";
$fout = fopen($filename,"r");
- $tmpxml = fread($fout, filesize($filename));
+ $tmpxml = fread($fout, filesize($filename));
$tmpxml = str_replace("<anti-action application=\"export\" data=\"domain_name=\${sip_req_host}\"/>", "<!--<anti-action application=\"export\" data=\"domain_name=\${sip_req_host}\"/>-->", $tmpxml);
$config['installedpackages']['freeswitchpublic']['config'][0]['public_xml'] = base64_encode($tmpxml);
unset($filename, $tmpxml);
@@ -716,12 +872,12 @@ function sync_package_freeswitch_vars()
global $config;
conf_mount_rw();
config_unlock();
-
+
if(strlen($config['installedpackages']['freeswitchvars']['config'][0]['vars_xml']) == 0) {
/* dialplan not found in the pfsense config.xml get the default dialplan and save to config.xml. */
$filename = "/usr/local/freeswitch/conf/vars.xml";
$fout = fopen($filename,"r");
- $tmpxml = fread($fout, filesize($filename));
+ $tmpxml = fread($fout, filesize($filename));
$config['installedpackages']['freeswitchvars']['config'][0]['vars_xml'] = base64_encode($tmpxml);
unset($filename, $dialplan);
fclose($fout);
@@ -748,12 +904,12 @@ function sync_package_freeswitch_internal()
global $config;
conf_mount_rw();
config_unlock();
-
+
if(strlen($config['installedpackages']['freeswitchinternal']['config'][0]['internal_xml']) == 0) {
/* internal_xml not found in the pfsense config.xml get the internal.xml and save to config.xml. */
$filename = "/usr/local/freeswitch/conf/sip_profiles/internal.xml";
$fout = fopen($filename,"r");
- $tmpxml = fread($fout, filesize($filename));
+ $tmpxml = fread($fout, filesize($filename));
$config['installedpackages']['freeswitchinternal']['config'][0]['internal_xml'] = base64_encode($tmpxml);
unset($filename, $dialplan);
fclose($fout);
@@ -780,12 +936,12 @@ function sync_package_freeswitch_external()
global $config;
conf_mount_rw();
config_unlock();
-
+
if(strlen($config['installedpackages']['freeswitchexternal']['config'][0]['external_xml']) == 0) {
/* external_xml not found in the pfsense config.xml get the external.xml and save to config.xml. */
$filename = "/usr/local/freeswitch/conf/sip_profiles/external.xml";
$fout = fopen($filename,"r");
- $tmpxml = fread($fout, filesize($filename));
+ $tmpxml = fread($fout, filesize($filename));
$config['installedpackages']['freeswitchexternal']['config'][0]['external_xml'] = base64_encode($tmpxml);
unset($filename, $dialplan);
fclose($fout);
@@ -818,9 +974,9 @@ function get_recording_filename($id)
return $rowhelper['filename'];
}
}
- }
+ }
}
-
+
function sync_package_freeswitch_ivr()
{
@@ -830,37 +986,37 @@ function sync_package_freeswitch_ivr()
config_lock();
$a_ivr = &$config['installedpackages']['freeswitchivr']['config'];
- if (count($a_ivr) > 0) {
+ if (count($a_ivr) > 0) {
foreach($a_ivr as $rowhelper) {
/*
$rowhelper['ivrid']
$rowhelper['ivrextension']
$rowhelper['ivrname']
- $rowhelper['recordingid']
+ $rowhelper['recordingid']
$rowhelper['ivrtimeout']
$rowhelper['ivrcontext']
$rowhelper['ivrconditionjs']
- $rowhelper['ivrdescr']
+ $rowhelper['ivrdescr']
*/
-
+
$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config'];
- $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config'];
+ $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config'];
-
+
//add the IVR to the dialplan
if (strlen($rowhelper['ivrid']) > 0) {
$action = 'add'; //set default action to add
$i = 0;
if (count($a_dialplan_includes) > 0) {
foreach($a_dialplan_includes as $row) {
-
+
//$row['dialplanincludeid'];
//$row['extensionname'];
//$row['context'];
//$row['enabled'];
//echo "if (".$row['opt1name']." == \"ivrid\" && ".$row['opt1value']." == ".$rowhelper['ivrid'].") {\n";
-
+
if ($row['opt1name'] == "ivrid" && $row['opt1value'] == $rowhelper['ivrid']) {
//update
$action = 'update';
@@ -873,18 +1029,18 @@ function sync_package_freeswitch_ivr()
$opt1name = $row['opt1name'];
$opt1value = $row['opt1value'];
$id = $i;
- //echo "update".$i."<br />\n";
+ //echo "update".$i."<br />\n";
}
$i++;
-
+
}
}
-
-
+
+
$ent = array();
if ($action == 'add') {
-
+
$dialplanincludeid = guid();
$ent['dialplanincludeid'] = $dialplanincludeid;
$ent['extensionname'] = $rowhelper['ivrextension'];
@@ -894,7 +1050,7 @@ function sync_package_freeswitch_ivr()
$ent['descr'] = 'IVR';
$ent['opt1name'] = 'ivrid';
$ent['opt1value'] = $rowhelper['ivrid'];
-
+
//add to the config
$a_dialplan_includes[] = $ent;
unset($ent);
@@ -906,7 +1062,7 @@ function sync_package_freeswitch_ivr()
$ent['fielddata'] = '^'.$rowhelper['ivrextension'].'$';
$a_dialplan_include_details[] = $ent;
unset($ent);
-
+
$ivrid = str_replace(array("{", "}"), "", $rowhelper['ivrid']);
$ent = array();
@@ -921,7 +1077,7 @@ function sync_package_freeswitch_ivr()
}
if ($action == 'update') {
-
+
$ent['dialplanincludeid'] = $dialplanincludeid;
$ent['extensionname'] = $rowhelper['ivrextension'];
$ent['order'] = $order;
@@ -950,7 +1106,7 @@ function sync_package_freeswitch_ivr()
unset($dialplanincludeid);
} //end if strlen ivrid; add the IVR to the dialplan
-
+
// Build the IVR javascript
$recording_action_filename = get_recording_filename($rowhelper['recordingidaction']);
$recording_antiaction_filename = get_recording_filename($rowhelper['recordingidantiaction']);
@@ -964,8 +1120,8 @@ function sync_package_freeswitch_ivr()
$cmd = "api global_getvar domain";
$domain = trim(event_socket_request($fp, $cmd));
}
-
-
+
+
$tmp = ""; //make sure the variable starts with no value
$tmp .= "\n";
$tmp .= " var condition = true;\n";
@@ -1017,17 +1173,17 @@ function sync_package_freeswitch_ivr()
$tmp .= " }\n";
$tmp .= " return( true );\n";
$tmp .= " } //end function mycb\n";
-
+
$tmp .= "\n";
$tmp .= base64_decode($rowhelper['ivrconditionjs']);
$tmp .= "\n";
$tmp .= "\n";
-
+
//$tmp .= " //condition = true; //debugging\n";
$actiondirect = false;
$actioncount = 0;
- foreach($config['installedpackages']['freeswitchivroptions']['config'] as $row) {
+ foreach($config['installedpackages']['freeswitchivroptions']['config'] as $row) {
//find the correct IVR options with the correct action
if ($row['ivrid'] == $rowhelper['ivrid']) {
if ($row['optionaction'] == "action") {
@@ -1076,23 +1232,23 @@ function sync_package_freeswitch_ivr()
$tmp .= " dtmf.digits += session.getDigits(1, \"#\", ".($rowhelper['ivrtimeout']*1000)."); // ".$rowhelper['ivrtimeout']." seconds\n";
$tmp .= " if (dtmf.digits == 0) {\n";
//$tmp .= " console_log( "info", "time out option: " + dtmf.digits + "\n" );\n";
-
- $a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config'];
+
+ $a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config'];
//find the timeout IVR options with the correct action
if (count($a_ivr_options) > 0) {
- foreach($a_ivr_options as $row) {
+ foreach($a_ivr_options as $row) {
if ($row['ivrid'] == $rowhelper['ivrid']) {
-
+
if ($row['optionaction'] == "action") {
- if (strtolower($row['optionnumber']) == "t") {
+ if (strtolower($row['optionnumber']) == "t") {
if ($row['optiontype'] == "extension") {
$tmp .= " session.execute(\"transfer\", \"".$row['optiondest']." XML default\"); //".$row['optiondescr']."\n";
}
if ($row['optiontype'] == "voicemail") {
//$tmp .= " session.execute(\"voicemail\", \"".$row['optiondest']." XML default\");\n";
$tmp .= " session.execute(\"voicemail\", \"default \"+domain+\" ".$row['optiondest']."\");\n";
- }
+ }
}
} //end anti-action
@@ -1100,14 +1256,14 @@ function sync_package_freeswitch_ivr()
} //end for each
} //if count
-
-
+
+
$tmp .= " }\n";
$tmp .= " else {\n";
$tmp .= " break; //dtmf found end the while loop\n";
- $tmp .= " }\n";
- $tmp .= " }\n";
- $tmp .= " }\n";
+ $tmp .= " }\n";
+ $tmp .= " }\n";
+ $tmp .= " }\n";
$tmp .= " }\n";
$tmp .= "\n";
$tmp .= " //pickup the remaining digits\n";
@@ -1128,35 +1284,35 @@ function sync_package_freeswitch_ivr()
$a_ivr_options = &$config['installedpackages']['freeswitchivroptions']['config'];
if (count($a_ivr_options) > 0) {
foreach($a_ivr_options as $row) {
-
+
/*
$row['ivrid']
$row['optionnumber']
$row['optiontype']
$row['optionaction']
$row['optiondest']
- $row['optiondescr']
+ $row['optiondescr']
*/
-
- $tmpactiondefault = "";
-
+
+ $tmpactiondefault = "";
+
//find the correct IVR options with the correct action
if ($row['ivrid'] == $rowhelper['ivrid']){
-
+
if ($row['optionaction'] == "action") {
//$tmpaction .= "\n";
-
+
switch ($row['optionnumber']) {
//case "t":
-
+
//if ($row['optiontype'] == "extension") {
// $tmpactiondefault .= " session.execute(\"transfer\", \"".$row['optiondest']." XML default\"); //".$row['optiondescr']."\n";
//}
//if ($row['optiontype'] == "voicemail") {
// //$tmpactiondefault .= " session.execute(\"voicemail\", \"".$row['optiondest']." XML default\");\n";
// $tmpactiondefault .= " session.execute(\"voicemail\", \"default \"+domain+\" ".$row['optiondest']."\");\n";
- //}
-
+ //}
+
//break;
default:
//$tmpaction .= " //console_log( \"info\", \"IVR Detected 1 digit \\n\" );\n";
@@ -1172,17 +1328,17 @@ function sync_package_freeswitch_ivr()
if ($row['optiontype'] == "voicemail") {
//$tmpaction .= " session.execute(\"voicemail\", \"".$row['optiondest']." XML default\");\n";
$tmpaction .= " session.execute(\"voicemail\", \"default \"+domain+\" ".$row['optiondest']."\");\n";
- }
+ }
$tmpaction .= " }\n";
-
+
}
-
+
$x++;
- } //end if action
+ } //end if action
} //end ivrid
-
+
} //end foreach
} //end if count
@@ -1193,9 +1349,9 @@ function sync_package_freeswitch_ivr()
//$tmp .= $tmpactiondefault;
$tmp .= " }\n";
$tmp .= "\n";
- unset($tmpaction);
+ unset($tmpaction);
+
-
$tmp .= " } \n";
//$tmp .= " else if ( dtmf.digits.length == \"3\" ) {\n";
//$tmp .= " //Transfer to the extension the caller chose\n";
@@ -1207,13 +1363,13 @@ function sync_package_freeswitch_ivr()
$tmp .= " } //end if session.ready\n";
$tmp .= "\n";
$tmp .= " }\n"; //end if condition
-
+
} //if ($actiondirect) {
} //actioncount
-
+
$antiactiondirect = false;
$antiactioncount = 0;
- foreach($config['installedpackages']['freeswitchivroptions']['config'] as $row) {
+ foreach($config['installedpackages']['freeswitchivroptions']['config'] as $row) {
//find the correct IVR options with the correct action
if ($row['ivrid'] == $rowhelper['ivrid']) {
if ($row['optionaction'] == "anti-action") {
@@ -1228,7 +1384,7 @@ function sync_package_freeswitch_ivr()
}
//$tmp .= "anti-action count: ".$antiactioncount."<br />\n";
-
+
if ($antiactioncount > 0) {
if ($antiactiondirect) {
$tmp .= " else {\n";
@@ -1261,40 +1417,40 @@ function sync_package_freeswitch_ivr()
$tmp .= " dtmf.digits += session.getDigits(1, \"#\", ".($rowhelper['ivrtimeout']*1000)."); // ".$rowhelper['ivrtimeout']." seconds\n";
$tmp .= " if (dtmf.digits == 0) {\n";
//$tmp .= " console_log( "info", "time out option: " + dtmf.digits + "\n" );\n";
-
-
+
+
//find the timeout IVR options with the correct action
if (count($a_ivr_options) > 0) {
foreach($a_ivr_options as $row) {
if ($row['ivrid'] == $rowhelper['ivrid']) {
-
+
if ($row['optionaction'] == "anti-action") {
- if (strtolower($row['optionnumber']) == "t") {
-
+ if (strtolower($row['optionnumber']) == "t") {
+
if ($row['optiontype'] == "extension") {
$tmp .= " session.execute(\"transfer\", \"".$row['optiondest']." XML default\"); //".$row['optiondescr']."\n";
}
if ($row['optiontype'] == "voicemail") {
//$tmp .= " session.execute(\"voicemail\", \"".$row['optiondest']." XML default\");\n";
$tmp .= " session.execute(\"voicemail\", \"default \"+domain+\" ".$row['optiondest']."\");\n";
- }
+ }
}
-
+
} //end anti-action
} //end ivrid
} //end for each
} //if count
-
-
+
+
$tmp .= " }\n";
$tmp .= " else {\n";
$tmp .= " break; //dtmf found end the while loop\n";
$tmp .= " }\n";
-
- $tmp .= " }\n";
+
+ $tmp .= " }\n";
$tmp .= " }\n";
$tmp .= " }\n";
$tmp .= "\n";
@@ -1307,48 +1463,48 @@ function sync_package_freeswitch_ivr()
$tmp .= "\n";
-
+
$tmpantiaction = "";
$tmp .= " if ( dtmf.digits.length > \"0\" ) {\n";
-
+
$x = 0;
if (count($a_ivr_options) > 0) {
foreach($a_ivr_options as $row) {
-
+
/*
$row['ivrid']
$row['optionnumber']
$row['optiontype']
$row['optionaction']
$row['optiondest']
- $row['optiondescr']
+ $row['optiondescr']
*/
//$tmpantiactiondefault = "";
-
+
//find the correct IVR options with the correct action
if ($row['ivrid'] == $rowhelper['ivrid']) {
-
+
if ($row['optionaction'] == "anti-action") {
-
+
switch ($row['optionnumber']) {
//case "t":
-
+
//if ($row['optiontype'] == "extension") {
// $tmpantiactiondefault .= " session.execute(\"transfer\", \"".$row['optiondest']." XML default\"); //".$row['optiondescr']."\n";
//}
//if ($row['optiontype'] == "voicemail") {
// //$tmpantiactiondefault .= " session.execute(\"voicemail\", \"".$row['optiondest']." XML default\");\n";
// $tmpantiactiondefault .= " session.execute(\"voicemail\", \"default \"+domain+\" ".$row['optiondest']."\");\n";
- //}
-
+ //}
+
//break;
default:
//$tmpantiaction .= " //console_log( \"info\", \"IVR Detected 1 digit \\n\" );\n";
if ($x == 0) {
- $tmpantiaction .= " if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n";
+ $tmpantiaction .= " if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n";
}
else {
$tmpantiaction .= " else if ( dtmf.digits == \"".$row['optionnumber']."\" ) { //".$row['optiondescr']."\n";
@@ -1360,13 +1516,13 @@ function sync_package_freeswitch_ivr()
if ($row['optiontype'] == "voicemail") {
//$tmpantiaction .= " session.execute(\"voicemail\", \"".$row['optiondest']." XML default\");\n";
$tmpantiaction .= " session.execute(\"voicemail\", \"default \"+domain+\" ".$row['optiondest']."\");\n";
- }
+ }
$tmpantiaction .= " }\n";
-
+
} //end switch
-
- $x++;
+
+ $x++;
} //end anti-action
} //end ivrid
@@ -1374,15 +1530,15 @@ function sync_package_freeswitch_ivr()
} //end for each
} //if count
-
+
$tmp .= $tmpantiaction;
$tmp .= " else {\n";
- $tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\");\n";
+ $tmp .= " session.execute(\"transfer\", dtmf.digits+\" XML default\");\n";
//$tmp .= $tmpantiactiondefault;
$tmp .= " }\n";
$tmp .= "\n";
unset($tmpantiaction);
-
+
$tmp .= " } \n";
//$tmp .= " else if ( dtmf.digits.length == \"3\" ) {\n";
//$tmp .= " //Transfer to the extension the caller chose\n";
@@ -1395,22 +1551,22 @@ function sync_package_freeswitch_ivr()
$tmp .= " } //end if session.ready\n";
$tmp .= "\n";
$tmp .= " } //end if condition";
-
+
} //if ($antiactiondirect) {
} //antiactioncount
unset($tmpactiondefault);
- unset($tmpantiactiondefault);
-
+ unset($tmpantiactiondefault);
+
if (strlen($rowhelper['ivrid']) > 0) {
- $ivrfilename = "ivr_".str_replace(array("{", "}"), "", $rowhelper['ivrid']).".js";
+ $ivrfilename = "ivr_".str_replace(array("{", "}"), "", $rowhelper['ivrid']).".js";
$fout = fopen("/usr/local/freeswitch/scripts/".$ivrfilename,"w");
fwrite($fout, $tmp);
unset($ivrfilename);
fclose($fout);
}
-
- } //end foreach
- } //end if count
+
+ } //end foreach
+ } //end if count
conf_mount_ro();
config_unlock();
@@ -1427,73 +1583,73 @@ function sync_package_freeswitch_dialplan_includes()
$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config'];
$a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config'];
-
+
if (count($a_dialplan_includes) > 0) {
foreach($config['installedpackages']['freeswitchdialplanincludes']['config'] as $rowhelper) {
$tmp = "";
$tmp .= "\n";
-
+
//$rowhelper['dialplanincludeid'];
//$rowhelper['extensionname'];
//$rowhelper['context'];
//$rowhelper['enabled'];
-
+
$tmp = "<extension name=\"".$rowhelper['extensionname']."\">\n";
-
- if (count($a_dialplan_include_details) > 0) {
-
+
+ if (count($a_dialplan_include_details) > 0) {
+
$conditioncount = 0;
$i = 0;
foreach ($a_dialplan_include_details as $ent) {
if ($ent['tag'] == "condition" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) {
$conditioncount++;
$i++;
- }
+ }
}
-
+
$i = 1;
foreach ($a_dialplan_include_details as $ent) {
if ($ent['tag'] == "condition" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) {
- if ($conditioncount == 1) { //single condition
+ if ($conditioncount == 1) { //single condition
//start tag
- $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n";
+ $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n";
}
- else { //more than one condition
- if ($i < $conditioncount) {
+ else { //more than one condition
+ if ($i < $conditioncount) {
//all tags should be self-closing except the last one
$tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\"/>\n";
}
else {
- //for the last tag use the start tag
+ //for the last tag use the start tag
$tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n";
}
}
$i++;
}
} //end for each
-
+
} //end if count
-
+
if (count($a_dialplan_include_details) > 0) {
$i = 0;
foreach ($a_dialplan_include_details as $ent) {
if ($ent['tag'] == "action" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) {
- $tmp .= " <action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n";
- }
- $i++;
+ $tmp .= " <action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n";
+ }
+ $i++;
}
}
-
+
if (count($a_dialplan_include_details) > 0) {
$i = 0;
foreach ($a_dialplan_include_details as $ent) {
if ($ent['tag'] == "anti-action" && $rowhelper['dialplanincludeid'] == $ent['dialplanincludeid']) {
$tmp .= " <anti-action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n";
- }
- $i++;
+ }
+ $i++;
}
}
-
+
//if (count($a_dialplan_include_details) > 0) {
//foreach ($a_dialplan_include_details as $ent) {
// $i = 0;
@@ -1501,38 +1657,38 @@ function sync_package_freeswitch_dialplan_includes()
//$ent['tag']
//$ent['fieldtype']
//$ent['fielddata']
- // }
- // $i++;
+ // }
+ // $i++;
// }
//}
-
+
if ($conditioncount > 0) {
$tmp .= " </condition>\n";
}
- unset ($conditioncount);
+ unset ($conditioncount);
$tmp .= "</extension>\n";
-
-
+
+
if ($rowhelper['enabled'] == "true") {
- $dialplanincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml";
+ $dialplanincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml";
$fout = fopen("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename,"w");
fwrite($fout, $tmp);
- fclose($fout);
+ fclose($fout);
}
unset($dialplanincludefilename);
unset($tmp);
-
-
+
+
} //end foreach
- } //if array count
-
+ } //if array count
+
conf_mount_ro();
config_unlock();
-
+
}
-function sync_package_freeswitch_public_includes()
+function sync_package_freeswitch_public_includes()
{
global $config;
@@ -1542,73 +1698,73 @@ function sync_package_freeswitch_public_includes()
$a_public_includes = &$config['installedpackages']['freeswitchpublicincludes']['config'];
$a_public_include_details = &$config['installedpackages']['freeswitchpublicincludedetails']['config'];
- if (count($a_public_includes) > 0) {
+ if (count($a_public_includes) > 0) {
foreach($a_public_includes as $rowhelper) {
$tmp = "";
$tmp .= "\n";
-
+
//$rowhelper['publicincludeid'];
//$rowhelper['extensionname'];
//$rowhelper['context'];
//$rowhelper['enabled'];
-
+
$tmp = "<extension name=\"".$rowhelper['extensionname']."\">\n";
- if (count($a_public_include_details) > 0) {
-
+ if (count($a_public_include_details) > 0) {
+
$conditioncount = 0;
$i = 0;
foreach ($a_public_include_details as $ent) {
if ($ent['tag'] == "condition" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) {
$conditioncount++;
$i++;
- }
+ }
}
-
+
$i = 1;
foreach ($a_public_include_details as $ent) {
if ($ent['tag'] == "condition" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) {
- if ($conditioncount == 1) { //single condition
+ if ($conditioncount == 1) { //single condition
//start tag
- $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n";
+ $tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n";
}
- else { //more than one condition
- if ($i < $conditioncount) {
+ else { //more than one condition
+ if ($i < $conditioncount) {
//all tags should be self-closing except the last one
$tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\"/>\n";
}
else {
- //for the last tag use the start tag
+ //for the last tag use the start tag
$tmp .= " <condition field=\"".$ent['fieldtype']."\" expression=\"".$ent['fielddata']."\">\n";
}
}
$i++;
}
} //end for each
-
+
} //end if count
-
+
if (count($a_public_include_details) > 0) {
$i = 0;
foreach ($a_public_include_details as $ent) {
if ($ent['tag'] == "action" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) {
- $tmp .= " <action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n";
- }
- $i++;
+ $tmp .= " <action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n";
+ }
+ $i++;
}
}
-
+
if (count($a_public_include_details) > 0) {
$i = 0;
foreach ($a_public_include_details as $ent) {
if ($ent['tag'] == "anti-action" && $rowhelper['publicincludeid'] == $ent['publicincludeid']) {
$tmp .= " <anti-action application=\"".$ent['fieldtype']."\" data=\"".$ent['fielddata']."\"/>\n";
- }
- $i++;
+ }
+ $i++;
}
}
-
+
//if (count($a_public_include_details) > 0) {
//foreach ($a_public_include_details as $ent) {
// $i = 0;
@@ -1616,192 +1772,280 @@ function sync_package_freeswitch_public_includes()
//$ent['tag']
//$ent['fieldtype']
//$ent['fielddata']
- // }
- // $i++;
+ // }
+ // $i++;
// }
//}
-
+
if ($conditioncount > 0) {
$tmp .= " </condition>\n";
}
unset ($conditioncount);
$tmp .= "</extension>\n";
-
-
+
+
if ($rowhelper['enabled'] == "true") {
- $publicincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml";
+ $publicincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml";
$fout = fopen("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename,"w");
fwrite($fout, $tmp);
- fclose($fout);
+ fclose($fout);
}
unset($publicincludefilename);
unset($tmp);
-
- } //end foreach
- } //end if count
+
+ } //end foreach
+ } //end if count
conf_mount_ro();
config_unlock();
-
+
}
-function sync_package_freeswitch()
+function sync_package_freeswitch()
{
-
- global $config;
+
+ global $config;
sync_package_freeswitch_settings();
sync_package_freeswitch_dialplan();
- sync_package_freeswitch_dialplan_includes();
+ sync_package_freeswitch_dialplan_includes();
sync_package_freeswitch_extensions();
sync_package_freeswitch_gateways();
sync_package_freeswitch_modules();
sync_package_freeswitch_public();
- sync_package_freeswitch_public_includes();
- sync_package_freeswitch_vars();
+ sync_package_freeswitch_public_includes();
+ sync_package_freeswitch_vars();
sync_package_freeswitch_internal();
sync_package_freeswitch_external();
//sync_package_freeswitch_recordings();
- if (pkg_is_service_running('freeswitch')) {
+ if (pkg_is_service_running('freeswitch')) {
sync_package_freeswitch_ivr();
}
}
-
-function freeswitch_php_install_command()
+
+function freeswitch_php_install_command()
{
global $config;
- $freeswitch_package_version = "0.8.3.5";
- $freeswitch_build_version = "1.0.3";
- $freeswitch_build_revision = "12545";
+ $freeswitch_package_version = "0.8.7.5";
+ $freeswitch_build_version = "1.0.4 pre 6";
+ $freeswitch_build_revision = "13238";
+
+ //set script execution time limit to 24 hours
+ set_time_limit (86400);
+ ini_set(max_execution_time,86400);
+
+ //hide errors
+ ini_set('display_errors', '0');
conf_mount_rw();
config_lock();
-
- //needed for mod_fax support
- system('pkg_add -r spandsp');
- if (!is_dir('/usr/local/www/freeswitch/')) {
- exec("mkdir /usr/local/www/freeswitch/");
+ if (!is_dir('/usr/local/www/packages/')) {
+ exec("mkdir /usr/local/www/packages/");
}
+ if (!is_dir('/usr/local/www/packages/freeswitch/')) {
+ exec("mkdir /usr/local/www/packages/freeswitch/");
+ }
//$struname = exec('uname -v');
//if (stristr($struname, 'FreeBSD 7.0')) {
// $freebsd_version = "7.0";
//}
-
+
+ //exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch.tgz"); //handled by freeswitch.xml
exec("tar zxvf /tmp/freeswitch.tgz -C /usr/local/");
unlink_if_exists("/tmp/freeswitch.tgz");
//make a backup copy of the default config
- exec("cp -R /usr/local/freeswitch/conf /usr/local/freeswitch/conf.rev".$freeswitch_build_revision.".orig");
+ exec("cp -R /usr/local/freeswitch/conf /usr/local/freeswitch/conf.orig");
//remove some default config files that are not needed
unlink_if_exists("/usr/local/freeswitch/conf/dialplan/default/01_example.com.xml");
- unlink_if_exists("/usr/local/freeswitch/conf/dialplan/public/00_inbound_did.xml");
+ unlink_if_exists("/usr/local/freeswitch/conf/dialplan/public/00_inbound_did.xml");
- //copy audio files
- exec("cp /tmp/please_enter_your_pin_number.wav /usr/local/freeswitch/recordings/please_enter_your_pin_number.wav");
- unlink_if_exists("/tmp/please_enter_your_pin_number.wav");
+ if (!is_dir('/usr/local/freeswitch/sounds/custom/')) {
+ exec("mkdir /usr/local/freeswitch/sounds/custom/");
+ }
- exec("cp /tmp/begin_recording.wav /usr/local/freeswitch/recordings/begin_recording.wav");
- unlink_if_exists("/tmp/begin_recording.wav");
-
- exec("cp /tmp/your_pin_number_is_incorect_goodbye.wav /usr/local/freeswitch/recordings/your_pin_number_is_incorect_goodbye.wav");
- unlink_if_exists("/tmp/your_pin_number_is_incorect_goodbye.wav");
+ if (!is_dir('/usr/local/freeswitch/sounds/custom/8000/')) {
+ exec("mkdir /usr/local/freeswitch/sounds/custom/8000/");
+ }
-
- //rename .so files from .1 to .so
- exec("cp /tmp/mod_shout.so.1 /usr/local/freeswitch/mod/mod_shout.so");
- unlink_if_exists("/tmp/mod_shout.so.tmp");
+ //copy audio files
+ exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch http://www.pfsense.com/packages/config/freeswitch/please_enter_your_pin_number.wav");
+ exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch http://www.pfsense.com/packages/config/freeswitch/please_enter_the_pin_number.wav");
+ exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch http://www.pfsense.com/packages/config/freeswitch/please_enter_the_extension_number.wav");
+ exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch http://www.pfsense.com/packages/config/freeswitch/please_enter_the_phone_number.wav");
+ exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch http://www.pfsense.com/packages/config/freeswitch/call_forward_has_been_set.wav");
+ exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch http://www.pfsense.com/packages/config/freeswitch/call_forward_has_been_deleted.wav");
+ exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch http://www.pfsense.com/packages/config/freeswitch/begin_recording.wav");
+ exec("cd /usr/local/freeswitch/sounds/custom/8000/;fetch http://www.pfsense.com/packages/config/freeswitch/your_pin_number_is_incorect_goodbye.wav");
- exec("cp /tmp/mod_fax.so.1 /usr/local/freeswitch/mod/mod_fax.so");
- unlink_if_exists("/tmp/mod_shout.so.tmp");
+ //download lib files
+ exec("cd /usr/local/lib/;fetch http://www.pfsense.com/packages/config/freeswitch/libtinfo.so.5.6");
+ exec("cd /usr/local/lib/;fetch http://www.pfsense.com/packages/config/freeswitch/libncurses.so.5.6");
+ exec("cd /usr/local/lib/;fetch http://www.pfsense.com/packages/config/freeswitch/libogg.so.5.3");
+ exec("cd /usr/local/lib/;fetch http://www.pfsense.com/packages/config/freeswitch/libvorbis.so.4");
+ exec("cd /usr/local/lib/;fetch http://www.pfsense.com/packages/config/freeswitch/libcurl.so.5");
+ exec("cd /usr/local/lib/;fetch http://www.pfsense.com/packages/config/freeswitch/libspandsp.so.1");
+ exec("cd /usr/local/lib/;fetch http://www.pfsense.com/packages/config/freeswitch/libodbc.so.1");
+ exec("cd /usr/local/lib/;fetch http://www.pfsense.com/packages/config/freeswitch/libiconv.so.3");
+
+
+ //download xml package files
+ //exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch.inc");
+ //exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch.xml");
+ //exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan.xml");
+ //exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_external.xml");
+ //exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_internal.xml");
+ exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_modules.xml");
+ //exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_public.xml");
+ //exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_vars.xml");
+
+ //misc files
+ if (!is_dir('/usr/local/www/edit_area/')) {
+ exec("cd /usr/local/pkg/;fetch http://www.pfsense.com/packages/config/freeswitch/edit_area.tgz");
+ system('cd /usr/local/www; tar xvpfz /tmp/edit_area.tgz edit_area');
+ unlink_if_exists("/tmp/edit_area.tgz");
+ }
+
//rename PHP files from .tmp to .php
- exec("cp /tmp/class.smtp.tmp /usr/local/www/freeswitch/class.smtp.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/class.smtp.tmp");
+ exec("cp /tmp/class.smtp.tmp /usr/local/www/packages/freeswitch/class.smtp.php");
unlink_if_exists("/tmp/class.smtp.tmp");
-
- exec("cp /tmp/class.phpmailer.tmp /usr/local/www/freeswitch/class.phpmailer.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/class.phpmailer.tmp");
+ exec("cp /tmp/class.phpmailer.tmp /usr/local/www/packages/freeswitch/class.phpmailer.php");
unlink_if_exists("/tmp/class.phpmailer.tmp");
-
- exec("cp /tmp/freeswitch_cmd.tmp /usr/local/www/freeswitch/freeswitch_cmd.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_cmd.tmp");
+ exec("cp /tmp/freeswitch_cmd.tmp /usr/local/www/packages/freeswitch/freeswitch_cmd.php");
unlink_if_exists("/tmp/freeswitch_cmd.tmp");
-
- exec("cp /tmp/freeswitch_dialplan_includes_details.tmp /usr/local/www/freeswitch/freeswitch_dialplan_includes_details.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan.tmp");
+ exec("cp /tmp/freeswitch_dialplan.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan.php");
+ unlink_if_exists("/tmp/freeswitch_dialplan.tmp");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan_includes_details.tmp");
+ exec("cp /tmp/freeswitch_dialplan_includes_details.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_details.php");
unlink_if_exists("/tmp/freeswitch_dialplan_includes_details.tmp");
- exec("cp /tmp/freeswitch_dialplan_includes_details_edit.tmp /usr/local/www/freeswitch/freeswitch_dialplan_includes_details_edit.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp");
+ exec("cp /tmp/freeswitch_dialplan_includes_details_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_details_edit.php");
unlink_if_exists("/tmp/freeswitch_dialplan_includes_details_edit.tmp");
- exec("cp /tmp/freeswitch_dialplan_includes.tmp /usr/local/www/freeswitch/freeswitch_dialplan_includes.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan_includes.tmp");
+ exec("cp /tmp/freeswitch_dialplan_includes.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan_includes.php");
unlink_if_exists("/tmp/freeswitch_dialplan_includes.tmp");
-
- exec("cp /tmp/freeswitch_dialplan_includes_edit.tmp /usr/local/www/freeswitch/freeswitch_dialplan_includes_edit.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan_includes_edit.tmp");
+ exec("cp /tmp/freeswitch_dialplan_includes_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_edit.php");
unlink_if_exists("/tmp/freeswitch_dialplan_includes_edit.tmp");
-
- exec("cp /tmp/freeswitch_extensions.tmp /usr/local/www/freeswitch/freeswitch_extensions.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_extensions.tmp");
+ exec("cp /tmp/freeswitch_extensions.tmp /usr/local/www/packages/freeswitch/freeswitch_extensions.php");
unlink_if_exists("/tmp/freeswitch_extensions.tmp");
-
- exec("cp /tmp/freeswitch_extensions_edit.tmp /usr/local/www/freeswitch/freeswitch_extensions_edit.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_extensions_edit.tmp");
+ exec("cp /tmp/freeswitch_extensions_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_extensions_edit.php");
unlink_if_exists("/tmp/freeswitch_extensions_edit.tmp");
- exec("cp /tmp/freeswitch_gateways.tmp /usr/local/www/freeswitch/freeswitch_gateways.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_features.tmp");
+ exec("cp /tmp/freeswitch_features.tmp /usr/local/www/packages/freeswitch/freeswitch_features.php");
+ unlink_if_exists("/tmp/freeswitch_features.tmp");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_gateways.tmp");
+ exec("cp /tmp/freeswitch_gateways.tmp /usr/local/www/packages/freeswitch/freeswitch_gateways.php");
unlink_if_exists("/tmp/freeswitch_gateways.tmp");
-
- exec("cp /tmp/freeswitch_gateways_edit.tmp /usr/local/www/freeswitch/freeswitch_gateways_edit.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_gateways_edit.tmp");
+ exec("cp /tmp/freeswitch_gateways_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_gateways_edit.php");
unlink_if_exists("/tmp/freeswitch_gateways_edit.tmp");
-
- exec("cp /tmp/freeswitch_ivr.tmp /usr/local/www/freeswitch/freeswitch_ivr.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_ivr.tmp");
+ exec("cp /tmp/freeswitch_ivr.tmp /usr/local/www/packages/freeswitch/freeswitch_ivr.php");
unlink_if_exists("/tmp/freeswitch_ivr.tmp");
-
- exec("cp /tmp/freeswitch_ivr_edit.tmp /usr/local/www/freeswitch/freeswitch_ivr_edit.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_ivr_edit.tmp");
+ exec("cp /tmp/freeswitch_ivr_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_ivr_edit.php");
unlink_if_exists("/tmp/freeswitch_ivr_edit.tmp");
-
- exec("cp /tmp/freeswitch_ivr_options.tmp /usr/local/www/freeswitch/freeswitch_ivr_options.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_ivr_options.tmp");
+ exec("cp /tmp/freeswitch_ivr_options.tmp /usr/local/www/packages/freeswitch/freeswitch_ivr_options.php");
unlink_if_exists("/tmp/freeswitch_ivr_options.tmp");
- exec("cp /tmp/freeswitch_ivr_options_edit.tmp /usr/local/www/freeswitch/freeswitch_ivr_options_edit.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_ivr_options_edit.tmp");
+ exec("cp /tmp/freeswitch_ivr_options_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_ivr_options_edit.php");
unlink_if_exists("/tmp/freeswitch_ivr_options_edit.tmp");
-
- exec("cp /tmp/freeswitch_public_includes.tmp /usr/local/www/freeswitch/freeswitch_public_includes.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_profiles.tmp");
+ exec("cp /tmp/freeswitch_profiles.tmp /usr/local/www/packages/freeswitch/freeswitch_profiles.php");
+ unlink_if_exists("/tmp/freeswitch_profiles.tmp");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_profile_edit.tmp");
+ exec("cp /tmp/freeswitch_profile_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_profile_edit.php");
+ unlink_if_exists("/tmp/freeswitch_profile_edit.tmp");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_public.tmp");
+ exec("cp /tmp/freeswitch_public.tmp /usr/local/www/packages/freeswitch/freeswitch_public.php");
+ unlink_if_exists("/tmp/freeswitch_public.tmp");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_public_includes.tmp");
+ exec("cp /tmp/freeswitch_public_includes.tmp /usr/local/www/packages/freeswitch/freeswitch_public_includes.php");
unlink_if_exists("/tmp/freeswitch_public_includes.tmp");
-
- exec("cp /tmp/freeswitch_public_includes_edit.tmp /usr/local/www/freeswitch/freeswitch_public_includes_edit.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_public_includes_edit.tmp");
+ exec("cp /tmp/freeswitch_public_includes_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_public_includes_edit.php");
unlink_if_exists("/tmp/freeswitch_public_includes_edit.tmp");
- exec("cp /tmp/freeswitch_public_includes_details.tmp /usr/local/www/freeswitch/freeswitch_public_includes_details.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_public_includes_details.tmp");
+ exec("cp /tmp/freeswitch_public_includes_details.tmp /usr/local/www/packages/freeswitch/freeswitch_public_includes_details.php");
unlink_if_exists("/tmp/freeswitch_public_includes_details.tmp");
- exec("cp /tmp/freeswitch_public_includes_details_edit.tmp /usr/local/www/freeswitch/freeswitch_public_includes_details_edit.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_public_includes_details_edit.tmp");
+ exec("cp /tmp/freeswitch_public_includes_details_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_public_includes_details_edit.php");
unlink_if_exists("/tmp/freeswitch_public_includes_details_edit.tmp");
- exec("cp /tmp/freeswitch_mailto.tmp /usr/local/www/freeswitch/freeswitch_mailto.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_mailto.tmp");
+ exec("cp /tmp/freeswitch_mailto.tmp /usr/local/www/packages/freeswitch/freeswitch_mailto.php");
unlink_if_exists("/tmp/freeswitch_mailto.tmp");
-
- exec("cp /tmp/freeswitch_recordings.tmp /usr/local/www/freeswitch/freeswitch_recordings.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_recordings.tmp");
+ exec("cp /tmp/freeswitch_recordings.tmp /usr/local/www/packages/freeswitch/freeswitch_recordings.php");
unlink_if_exists("/tmp/freeswitch_recordings.tmp");
-
- exec("cp /tmp/freeswitch_recordings_edit.tmp /usr/local/www/freeswitch/freeswitch_recordings_edit.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_recordings_edit.tmp");
+ exec("cp /tmp/freeswitch_recordings_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_recordings_edit.php");
unlink_if_exists("/tmp/freeswitch_recordings_edit.tmp");
- exec("cp /tmp/freeswitch_recordings_play.tmp /usr/local/www/freeswitch/freeswitch_recordings_play.php");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_recordings_play.tmp");
+ exec("cp /tmp/freeswitch_recordings_play.tmp /usr/local/www/packages/freeswitch/freeswitch_recordings_play.php");
unlink_if_exists("/tmp/freeswitch_recordings_play.tmp");
-
- exec("cp /tmp/freeswitch_status.tmp /usr/local/www/freeswitch/freeswitch_status.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_status.tmp");
+ exec("cp /tmp/freeswitch_status.tmp /usr/local/www/packages/freeswitch/freeswitch_status.php");
unlink_if_exists("/tmp/freeswitch_status.tmp");
-
- exec("cp /tmp/freeswitch_time_conditions.tmp /usr/local/www/freeswitch/freeswitch_time_conditions.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_time_conditions.tmp");
+ exec("cp /tmp/freeswitch_time_conditions.tmp /usr/local/www/packages/freeswitch/freeswitch_time_conditions.php");
unlink_if_exists("/tmp/freeswitch_time_conditions.tmp");
-
- exec("cp /tmp/freeswitch_time_conditions_edit.tmp /usr/local/www/freeswitch/freeswitch_time_conditions_edit.php");
+
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_time_conditions_edit.tmp");
+ exec("cp /tmp/freeswitch_time_conditions_edit.tmp /usr/local/www/packages/freeswitch/freeswitch_time_conditions_edit.php");
unlink_if_exists("/tmp/freeswitch_time_conditions_edit.tmp");
- exec("cp /usr/local/freeswitch/htdocs/slim.swf /usr/local/www/freeswitch/slim.swf");
+ exec("cd /tmp/;fetch http://www.pfsense.com/packages/config/freeswitch/freeswitch_vars.tmp");
+ exec("cp /tmp/freeswitch_vars.tmp /usr/local/www/packages/freeswitch/freeswitch_vars.php");
+ unlink_if_exists("/tmp/freeswitch_vars.tmp");
+
+ exec("cd /usr/local/freeswitch/scripts/;fetch http://www.pfsense.com/packages/config/freeswitch/disa.js");
+ exec("cp /usr/local/freeswitch/htdocs/slim.swf /usr/local/www/packages/freeswitch/slim.swf");
/* freeswitch settings defaults */
if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['numbering_plan']) == 0) {
@@ -1827,7 +2071,13 @@ function freeswitch_php_install_command()
}
if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin']) == 0) {
$config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin'] = "7575";
- }
+ }
+ if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_decoder']) == 0) {
+ $config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_decoder'] = "i386";
+ }
+ if (strlen($config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_volume']) == 0) {
+ $config['installedpackages']['freeswitchsettings']['config'][0]['mod_shout_volume'] = "0.3";
+ }
$numbering_plan = $config['installedpackages']['freeswitchsettings']['config'][0]['numbering_plan'];
$event_socket_password = $config['installedpackages']['freeswitchsettings']['config'][0]['event_socket_password'];
@@ -1837,13 +2087,13 @@ function freeswitch_php_install_command()
$xml_rpc_auth_user = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_user'];
$xml_rpc_auth_pass = $config['installedpackages']['freeswitchsettings']['config'][0]['xml_rpc_auth_pass'];
$admin_pin = $config['installedpackages']['freeswitchsettings']['config'][0]['admin_pin'];
-
+
//write the recording.js script
recording_js();
-
+
//add recording.js to the dialplan
$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config'];
- $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config'];
+ $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config'];
//delete dialplan recording from the previous install
if (count($a_dialplan_includes) > 0) {
@@ -1851,12 +2101,12 @@ function freeswitch_php_install_command()
foreach ($a_dialplan_includes as $ent) {
if ($ent['extensionname'] == "Recordings") {
unset($a_dialplan_includes[$i]);
- }
- $i++;
+ }
+ $i++;
}
}
- //delete the recording dialplan details
+ //delete the recording dialplan details
if (count($a_dialplan_include_details) > 0) {
$i = 0;
foreach ($a_dialplan_include_details as $ent) {
@@ -1865,40 +2115,84 @@ function freeswitch_php_install_command()
}
if ($ent['fielddata'] == "recordings.js") {
unset($a_dialplan_include_details[$i]);
- }
- $i++;
+ }
+ $i++;
}
}
-
- $dialplanincludeid = guid();
-
- $ent = array();
- $ent['dialplanincludeid'] = $dialplanincludeid;
- $ent['extensionname'] = 'Recordings';
- $ent['order'] = '9000';
- $ent['context'] = 'default';
- $ent['enabled'] = 'true';
- $ent['descr'] = 'Default system recordings tool';
- $a_dialplan_includes[] = $ent;
- unset($ent);
-
- $ent = array();
- $ent['dialplanincludeid'] = $dialplanincludeid;
- $ent['tag'] = 'condition'; //condition, action, antiaction
- $ent['fieldtype'] = 'destination_number';
- $ent['fielddata'] = '^732673$';
- $a_dialplan_include_details[] = $ent;
- unset($ent);
+
+ //add recording to the dialplan
+ $dialplanincludeid = guid();
+
+ $ent = array();
+ $ent['dialplanincludeid'] = $dialplanincludeid;
+ $ent['extensionname'] = 'Recordings';
+ $ent['order'] = '9000';
+ $ent['context'] = 'default';
+ $ent['enabled'] = 'true';
+ $ent['descr'] = '*732673 Default system recordings tool';
+ $a_dialplan_includes[] = $ent;
+ unset($ent);
+
+ $ent = array();
+ $ent['dialplanincludeid'] = $dialplanincludeid;
+ $ent['tag'] = 'condition'; //condition, action, antiaction
+ $ent['fieldtype'] = 'destination_number';
+ $ent['fielddata'] = '^\*(732673)$';
+ $a_dialplan_include_details[] = $ent;
+ unset($ent);
+
+ $ent = array();
+ $ent['dialplanincludeid'] = $dialplanincludeid;
+ $ent['tag'] = 'action'; //condition, action, antiaction
+ $ent['fieldtype'] = 'javascript';
+ $ent['fielddata'] = 'recordings.js';
+ $a_dialplan_include_details[] = $ent;
+ unset($ent);
+
+
+ //delete dialplan DISA from the previous install
+ $disa_enabled = 'false';
+ if (count($a_dialplan_includes) > 0) {
+ $i = 0;
+ foreach ($a_dialplan_includes as $ent) {
+ if ($ent['extensionname'] == "DISA") {
+ $disa_enabled = $ent['enabled'];
+ unset($a_dialplan_includes[$i]);
+ }
+ $i++;
+ }
+ }
- $ent = array();
- $ent['dialplanincludeid'] = $dialplanincludeid;
- $ent['tag'] = 'action'; //condition, action, antiaction
- $ent['fieldtype'] = 'javascript';
- $ent['fielddata'] = 'recordings.js';
- $a_dialplan_include_details[] = $ent;
- unset($ent);
-
- write_config();
+ //add the DISA to the dialplan
+ $dialplanincludeid = guid();
+
+ $ent = array();
+ $ent['dialplanincludeid'] = $dialplanincludeid;
+ $ent['extensionname'] = 'DISA';
+ $ent['order'] = '000';
+ $ent['context'] = 'default';
+ $ent['enabled'] = $disa_enabled;
+ $ent['descr'] = '*3472 Direct Inward System Access';
+ $a_dialplan_includes[] = $ent;
+ unset($ent);
+
+ $ent = array();
+ $ent['dialplanincludeid'] = $dialplanincludeid;
+ $ent['tag'] = 'condition'; //condition, action, antiaction, set
+ $ent['fieldtype'] = 'destination_number';
+ $ent['fielddata'] = '^\*(3472)$';
+ $a_dialplan_include_details[] = $ent;
+ unset($ent);
+
+ $ent = array();
+ $ent['dialplanincludeid'] = $dialplanincludeid;
+ $ent['tag'] = 'action'; //condition, action, antiaction, set
+ $ent['fieldtype'] = 'javascript';
+ $ent['fielddata'] = 'disa.js';
+ $a_dialplan_include_details[] = $ent;
+ unset($ent);
+
+ write_config();
//prepare switch.conf.xml for voicemail to email
$filename = "/usr/local/freeswitch/conf/autoload_configs/switch.conf.xml";
@@ -1908,7 +2202,7 @@ function freeswitch_php_install_command()
$handle = fopen($filename,"w");
$contents = str_replace("<param name=\"mailer-app\" value=\"sendmail\"/>", "<param name=\"mailer-app\" value=\"/usr/local/bin/php\"/>", $contents);
- $contents = str_replace("<param name=\"mailer-app-args\" value=\"-t\"/>", "<param name=\"mailer-app-args\" value=\"/usr/local/www/freeswitch/freeswitch_mailto.php\"/>", $contents);
+ $contents = str_replace("<param name=\"mailer-app-args\" value=\"-t\"/>", "<param name=\"mailer-app-args\" value=\"/usr/local/www/packages/freeswitch/freeswitch_mailto.php\"/>", $contents);
fwrite($handle, $contents);
unset($contents);
fclose($handle);
@@ -1940,9 +2234,9 @@ function freeswitch_php_install_command()
fwrite($fout, $tmpxml);
unset($tmpxml);
fclose($fout);
-
- /* freeswitch modules defaults */
-
+
+ /* freeswitch modules defaults */
+
if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_console']) == 0) {
$config['installedpackages']['freeswitchmodules']['config'][0]['mod_console'] = "enable";
}
@@ -1963,7 +2257,7 @@ function freeswitch_php_install_command()
}
if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_curl']) == 0) {
$config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_curl'] = "disable";
- }
+ }
if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_cdr']) == 0) {
$config['installedpackages']['freeswitchmodules']['config'][0]['mod_xml_cdr'] = "disable";
}
@@ -2062,7 +2356,7 @@ function freeswitch_php_install_command()
}
if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_amr']) == 0) {
$config['installedpackages']['freeswitchmodules']['config'][0]['mod_amr'] = "enable";
- }
+ }
if (strlen($config['installedpackages']['freeswitchmodules']['config'][0]['mod_ilbc']) == 0) {
$config['installedpackages']['freeswitchmodules']['config'][0]['mod_ilbc'] = "enable";
}
@@ -2130,68 +2424,75 @@ function freeswitch_php_install_command()
$config['installedpackages']['freeswitchmodules']['config'][0]['mod_say_zh'] = "disable";
}
- // if backup file exists restore it
- $filename = 'freeswitch.bak.tgz';
-
- //extract a specific directory to /usr/local/freeswitch
- if (file_exists('/tmp/'.$filename)) {
- //echo "The file $filename exists";
+ // if backup file exists restore it
+ if (!is_dir('/root/backup/')) {
+ exec("mkdir /root/backup/");
+ }
+
+ //extract a specific directory to /usr/local/freeswitch
+ $filename = 'freeswitch.bak.tgz';
+ if (file_exists('/root/backup/'.$filename)) {
+ //echo "The file $filename exists";
- //Recommended
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/db/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/log/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/recordings/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/scripts/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/storage/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/sounds/music/8000/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/conf/ssl');
-
- //Optional
- //system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/conf/');
- //system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/grammar/');
- //system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/htdocs/');
+ exec("rm -R /usr/local/freeswitch/conf/sip_profiles/");
+ exec("rm -R /usr/local/freeswitch/sounds/music/");
+ //Recommended
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/db/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/log/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/recordings/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/scripts/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/storage/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/sounds/custom/8000/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/sounds/music/8000/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/ssl/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/sip_profiles/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/vars.xml');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/dialplan/default.xml');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/dialplan/public.xml');
+
+ //Optional
+ //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/');
+ //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/grammar/');
+ //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/htdocs/');
+
unset($filename);
- }
-
- write_rcfile(array(
- "file" => "freeswitch.sh",
- "start" => "/usr/local/freeswitch/bin/./freeswitch -nc",
- "stop" => "/usr/local/freeswitch/bin/./freeswitch -stop"
- )
- );
-
+ }
+
+
exec("rm -R /freeswitch");
exec("cp /usr/local/freeswitch/conf/directory/default/brian.xml /usr/local/freeswitch/conf/directory/default/brian.xml.noload");
unlink_if_exists("/usr/local/freeswitch/conf/directory/default/brian.xml");
unlink_if_exists("/usr/local/freeswitch/conf/directory/default/example.com.xml");
-
+ unlink_if_exists("/usr/local/freeswitch/conf/dialplan/default/99999_enum.xml");
+
write_rcfile(array(
"file" => "freeswitch.sh",
"start" => "/usr/local/freeswitch/bin/./freeswitch -nc",
"stop" => "/usr/local/freeswitch/bin/./freeswitch -stop"
)
);
-
+
+ lan_sip_profile();
+
sync_package_freeswitch();
$handle = popen("/usr/local/etc/rc.d/freeswitch.sh start", "r");
pclose($handle);
-
- if (pkg_is_service_running('freeswitch')) {
- sync_package_freeswitch_ivr();
+
+ if (pkg_is_service_running('freeswitch')) {
+ sync_package_freeswitch_ivr();
}
-
$config['installedpackages']['freeswitchsettings']['config'][0]['freeswitch_version'] = $freeswitch_build_version." revision ".$freeswitch_build_revision.".";
$config['installedpackages']['freeswitchsettings']['config'][0]['freeswitch_package_version'] = $freeswitch_package_version;
-
+
conf_mount_ro();
config_unlock();
-
+
}
-function freeswitch_deinstall_command()
+function freeswitch_deinstall_command()
{
conf_mount_rw();
@@ -2207,42 +2508,42 @@ function freeswitch_deinstall_command()
unlink_if_exists("/usr/local/pkg/freeswitch_public.xml");
unlink_if_exists("/usr/local/pkg/freeswitch_vars.xml");
- unlink_if_exists("/usr/local/www/freeswitch/class.smtp.php");
- unlink_if_exists("/usr/local/www/freeswitch/class.phpmailer.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_cmd.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_dialplan_includes_details.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_dialplan_includes_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_dialplan_includes.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_dialplan_includes_details_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_extensions.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_extensions_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_ivr.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_ivr_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_ivr_options_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_ivr_options.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_gateways.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_gateways_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_mailto.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_public_includes_details.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_public_includes_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_public_includes.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_public_includes_details_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_recordings.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_recordings_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_recordings_play.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_time_conditions.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_time_conditions_edit.php");
- unlink_if_exists("/usr/local/www/freeswitch/freeswitch_status.php");
- unlink_if_exists("/usr/local/www/freeswitch/slim.swf");
-
+ unlink_if_exists("/usr/local/www/packages/freeswitch/class.smtp.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/class.phpmailer.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_cmd.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_details.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_dialplan_includes.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_dialplan_includes_details_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_extensions.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_extensions_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_ivr.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_ivr_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_ivr_options_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_ivr_options.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_gateways.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_gateways_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_mailto.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_public_includes_details.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_public_includes_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_public_includes.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_public_includes_details_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_recordings.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_recordings_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_recordings_play.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_time_conditions.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_time_conditions_edit.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/freeswitch_status.php");
+ unlink_if_exists("/usr/local/www/packages/freeswitch/slim.swf");
+
exec("rm -R /usr/local/freeswitch/");
- exec("rm -R /usr/local/www/freeswitch/");
+ exec("rm -R /usr/local/www/packages/freeswitch/");
unlink_if_exists("/usr/local/etc/rc.d/freeswitch.sh");
unlink_if_exists("/tmp/freeswitch.tar.gz");
unlink_if_exists("/tmp/pkg_mgr_FreeSWITCH.log");
conf_mount_ro();
config_unlock();
-
+
}
?>
diff --git a/config/freeswitch/freeswitch.xml b/config/freeswitch/freeswitch.xml
index 65acc4d8..a8e57203 100755..100644
--- a/config/freeswitch/freeswitch.xml
+++ b/config/freeswitch/freeswitch.xml
@@ -13,7 +13,7 @@
FreeSWITCH (TM)
http://www.freeswitch.org/
- */
+*/
/* ========================================================================== */
/*
Redistribution and use in source and binary forms, with or without
@@ -36,7 +36,7 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
+*/
/* ========================================================================== */
]]>
</copyright>
@@ -44,7 +44,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>FreeSWITCH Settings</name>
- <version>0.8.3.5</version>
+ <version>0.8.7.5</version>
<title>FreeSWITCH: Settings</title>
<include_file>/usr/local/pkg/freeswitch.inc</include_file>
<menu>
@@ -58,7 +58,7 @@
<name>freeswitch</name>
<rcfile>freeswitch.sh</rcfile>
<executable>freeswitch</executable>
- <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. </description>
+ <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. </description>
</service>
<tabs>
<tab>
@@ -68,47 +68,35 @@
</tab>
<tab>
<text>Dialplan</text>
- <url>/freeswitch/freeswitch_dialplan_includes.php</url>
+ <url>/packages/freeswitch/freeswitch_dialplan_includes.php</url>
</tab>
<tab>
<text>Extensions</text>
- <url>/freeswitch/freeswitch_extensions.php</url>
+ <url>/packages/freeswitch/freeswitch_extensions.php</url>
</tab>
<tab>
- <text>External</text>
- <url>/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</url>
- </tab>
+ <text>Features</text>
+ <url>/packages/freeswitch/freeswitch_features.php</url>
+ </tab>
<tab>
<text>Gateways</text>
- <url>/freeswitch/freeswitch_gateways.php</url>
- </tab>
- <tab>
- <text>Internal</text>
- <url>/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</url>
+ <url>/packages/freeswitch/freeswitch_gateways.php</url>
</tab>
<tab>
- <text>IVR</text>
- <url>/freeswitch/freeswitch_ivr.php</url>
- </tab>
- <tab>
- <text>Modules</text>
- <url>/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0</url>
+ <text>Profiles</text>
+ <url>/packages/freeswitch/freeswitch_profiles.php</url>
</tab>
<tab>
<text>Public</text>
- <url>/freeswitch/freeswitch_public_includes.php</url>
- </tab>
- <tab>
- <text>Rec</text>
- <url>/freeswitch/freeswitch_recordings.php</url>
+ <url>/packages/freeswitch/freeswitch_public_includes.php</url>
</tab>
<tab>
<text>Status</text>
- <url>/freeswitch/freeswitch_status.php</url>
+ <url>/packages/freeswitch/freeswitch_status.php</url>
</tab>
<tab>
<text>Vars</text>
- <url>/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</url>
+ <url>/packages/freeswitch/freeswitch_vars.php</url>
</tab>
</tabs>
<configpath>installedpackages->package->$packagename->configuration->freeswitchsettings</configpath>
@@ -122,231 +110,6 @@
<chmod>0755</chmod>
<item>http://www.pfsense.com/packages/config/freeswitch/freeswitch.inc</item>
</additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/lib/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/libtinfo.so.5.6</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/lib/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/libncurses.so.5.6</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/lib/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/libogg.so.5.3</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/lib/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/libvorbis.so.4</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/lib/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/libcurl.so.5</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/mod_shout.so.1</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/mod_fax.so.1</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/lib/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/libspandsp.so.1</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/lib/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/libodbc.so.1</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/lib/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/libiconv.so.3</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/please_enter_your_pin_number.wav</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/begin_recording.wav</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/your_pin_number_is_incorect_goodbye.wav</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/class.smtp.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/class.phpmailer.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_cmd.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan_includes.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan_includes_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan_includes_details.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_extensions.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_extensions_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_external.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_gateways.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_gateways_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_internal.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_ivr.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_ivr_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_ivr_options_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_ivr_options.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_mailto.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_modules.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_public.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_public_includes.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_public_includes_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_public_includes_details.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_public_includes_details_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_recordings.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_recordings_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_recordings_play.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_status.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_time_conditions.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/tmp/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_time_conditions_edit.tmp</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/freeswitch/freeswitch_vars.xml</item>
- </additional_files_needed>
<fields>
<field>
<fielddescr>Numbering Plan</fielddescr>
@@ -474,6 +237,18 @@
<description>Enter the SMTP From Name.</description>
<type>input</type>
</field>
+ <field>
+ <fielddescr>Mod Shout Decoder</fielddescr>
+ <fieldname>mod_shout_decoder</fieldname>
+ <description>Enter the Decoder. default: i386</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Mod Shout Volume</fielddescr>
+ <fieldname>mod_shout_volume</fieldname>
+ <description>Enter the Volume. default: 0.3</description>
+ <type>input</type>
+ </field>
</fields>
<custom_add_php_command>
</custom_add_php_command>
diff --git a/config/freeswitch/freeswitch_cmd.tmp b/config/freeswitch/freeswitch_cmd.tmp
index 05ae77cf..21dba508 100755..100644
--- a/config/freeswitch/freeswitch_cmd.tmp
+++ b/config/freeswitch/freeswitch_cmd.tmp
@@ -4,7 +4,7 @@
freeswitch_cmd.php
Copyright (C) 2008 Mark J Crane
All rights reserved.
-
+
FreeSWITCH (TM)
http://www.freeswitch.org/
@@ -44,6 +44,6 @@ $fp = event_socket_create($host, $port, $password);
$response = event_socket_request($fp, $cmd);
fclose($fp);
-header("Location: /freeswitch/freeswitch_status.php?savemsg=".urlencode($response));
+header("Location: /packages/freeswitch/freeswitch_status.php?savemsg=".urlencode($response));
?> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_dialplan.tmp b/config/freeswitch/freeswitch_dialplan.tmp
new file mode 100644
index 00000000..fcfb3192
--- /dev/null
+++ b/config/freeswitch/freeswitch_dialplan.tmp
@@ -0,0 +1,163 @@
+<?php
+/* $Id$ */
+/*
+ freeswitch_dialplan.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/freeswitch.inc");
+
+//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config'];
+
+if ($_GET['a'] == "default") {
+ conf_mount_rw();
+ exec("cp /usr/local/freeswitch/conf.orig/dialplan/default.xml /usr/local/freeswitch/conf/dialplan/default.xml");
+ $savemsg = "Default Restored";
+ conf_mount_ro();
+}
+
+if ($_POST['a'] == "save") {
+ conf_mount_rw();
+ $content = ereg_replace("\r","",$_POST['code']);
+ $fd = fopen("/usr/local/freeswitch/conf/dialplan/default.xml", "w");
+ fwrite($fd, $content);
+ fclose($fd);
+ $savemsg = "Saved";
+ conf_mount_ro();
+}
+
+
+$fd = fopen("/usr/local/freeswitch/conf/dialplan/default.xml", "r");
+$content = fread($fd, filesize("/usr/local/freeswitch/conf/dialplan/default.xml"));
+fclose($fd);
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script language="Javascript">
+function sf() { document.forms[0].savetopath.focus(); }
+</script>
+<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script>
+<script language="Javascript" type="text/javascript">
+ // initialisation
+ editAreaLoader.init({
+ id: "code" // id of the textarea to transform
+ ,start_highlight: false
+ ,allow_toggle: false
+ ,language: "en"
+ ,syntax: "html"
+ ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help"
+ ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql"
+ ,show_line_colors: true
+ });
+</script>
+
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">FreeSWITCH: Dialplan</p>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+display_top_tabs(build_menu());
+
+?>
+</td></tr>
+</table>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+
+<form action="freeswitch_dialplan.php" method="post" name="iform" id="iform">
+<?php
+
+?>
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width='90%'><p><span class="vexpl"><span class="red"><strong>Default Dialplan<br>
+ </strong></span>
+ The default dialplan is used to setup call destinations based on conditions and context.
+ You can use the dialplan to send calls to gateways, IVRs, external numbers, to scripts, or any destination.
+ </p>
+ </td>
+ <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td>
+ </tr>
+ </table>
+ <br />
+ <br />
+
+ <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea>
+ <br />
+ <br />
+
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>/usr/local/freeswitch/conf/dialplan/default.xml</td>
+ <td align='right'>
+ <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" />
+ <input type="hidden" name="a" value="save" />
+ <?php
+ echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/freeswitch/freeswitch_dialplan.php?a=default&f=default.xml';\" />";
+ ?>
+ </td>
+ </tr>
+ </table>
+
+</form>
+
+<br>
+<br>
+
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/freeswitch/freeswitch_dialplan.xml b/config/freeswitch/freeswitch_dialplan.xml
deleted file mode 100755
index 41ca32d4..00000000
--- a/config/freeswitch/freeswitch_dialplan.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- freeswitch_dialplan.xml
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
-
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>freeswitchdialplan</name>
- <version>0.1</version>
- <title>FreeSWITCH: Dialplan</title>
- <aftersaveredirect>pkg_edit.php?xml=freeswitch_dialplan.xml&amp;id=0</aftersaveredirect>
- <include_file>/usr/local/pkg/freeswitch.inc</include_file>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=freeswitch.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Dialplan</text>
- <url>/freeswitch/freeswitch_dialplan_includes.php</url>
- <active/>
- </tab>
- <tab>
- <text>Extensions</text>
- <url>/freeswitch/freeswitch_extensions.php</url>
- </tab>
- <tab>
- <text>External</text>
- <url>/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Gateways</text>
- <url>/freeswitch/freeswitch_gateways.php</url>
- </tab>
- <tab>
- <text>Internal</text>
- <url>/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>IVR</text>
- <url>/freeswitch/freeswitch_ivr.php</url>
- </tab>
- <tab>
- <text>Modules</text>
- <url>/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Public</text>
- <url>/freeswitch/freeswitch_public_includes.php</url>
- </tab>
- <tab>
- <text>Rec</text>
- <url>/freeswitch/freeswitch_recordings.php</url>
- </tab>
- <tab>
- <text>Status</text>
- <url>/freeswitch/freeswitch_status.php</url>
- </tab>
- <tab>
- <text>Vars</text>
- <url>/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</url>
- </tab>
- </tabs>
- <configpath>installedpackages->package->$packagename->configuration->freeswitchdialplan</configpath>
- <fields>
- <field>
- <fielddescr>&lt;b&gt;Default Dialplan&lt;/b&gt; &lt;br /&gt; &lt;br /&gt; The default dialplan is used to setup call destinations based on conditions and context. You can use the dialplan to send calls to gateways, IVRs, external numbers, to scripts, or any destination. </fielddescr>
- <fieldname>dialplan_default_xml</fieldname>
- <description>&lt;br /&gt;Path: /usr/local/freeswitch/conf/dialplan/default.xml &lt;br /&gt;&lt;br /&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <wrap>off</wrap>
- <size>30</size>
- <cols>70</cols>
- <rows>33</rows>
- </field>
- </fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_after_head_command>
- sync_package_freeswitch_dialplan();
- </custom_php_after_head_command>
- <custom_php_after_form_command>
- </custom_php_after_form_command>
- <custom_php_validation_command>
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- sync_package_freeswitch_dialplan();
- </custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_dialplan_includes.tmp b/config/freeswitch/freeswitch_dialplan_includes.tmp
index 4b7bacfa..55379ea5 100755..100644
--- a/config/freeswitch/freeswitch_dialplan_includes.tmp
+++ b/config/freeswitch/freeswitch_dialplan_includes.tmp
@@ -1,10 +1,10 @@
<?php
/* $Id$ */
/*
- freeswitch_dialplan_includes.php
+ freeswitch_dialplan_includes.php
Copyright (C) 2008 Mark J Crane
All rights reserved.
-
+
FreeSWITCH (TM)
http://www.freeswitch.org/
@@ -41,7 +41,7 @@ require("/usr/local/pkg/freeswitch.inc");
//default
//enabled
//descr
-
+
//freeswitchdialplanincludedetails
//dialplanincludeid
@@ -53,7 +53,7 @@ require("/usr/local/pkg/freeswitch.inc");
//tagorder
//1-20
//fieldtype
-
+
//fielddata
@@ -63,7 +63,7 @@ $a_dialplan_includes_details = &$config['installedpackages']['freeswitchdialplan
if ($_GET['act'] == "del") {
if ($_GET['type'] == 'dialplanincludes') {
-
+
if ($a_dialplan_includes[$_GET['id']]) {
$dialplanincludeid = $a_dialplan_includes[$_GET['id']][dialplanincludeid];
@@ -71,7 +71,7 @@ if ($_GET['act'] == "del") {
$extensionname = $a_dialplan_includes[$_GET['id']][extensionname];
$order = $a_dialplan_includes[$_GET['id']][order];
$dialplanincludefilename = $order."_".$extensionname.".xml";
-
+
//delete the dialplan include details. aka. child data
if (count($a_dialplan_includes_details) > 0) {
$i=0;
@@ -80,16 +80,16 @@ if ($_GET['act'] == "del") {
//echo "child id: ".$i."<br />\n";
unset($a_dialplan_includes_details[$i]);
}
- $i++;
+ $i++;
}
}
-
+
//if the dialplan include xml file exists then delete it
if (file_exists("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename)) {
unlink("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename);
}
-
- unset($dialplanincludefilename);
+
+ unset($dialplanincludefilename);
unset($a_dialplan_includes[$_GET['id']]);
write_config();
sync_package_freeswitch_dialplan_includes();
@@ -111,21 +111,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), true, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -136,7 +123,7 @@ include("head.inc");
<td class="tabcont" >
<form action="freeswitch_dialplan_includes.php" method="post" name="iform" id="iform">
-<?php
+<?php
//echo "<pre>";
@@ -146,28 +133,28 @@ include("head.inc");
//if ($config_change == 1) {
// write_config();
-// $config_change = 0;
+// $config_change = 0;
//}
-//if ($savemsg) print_info_box($savemsg);
+//if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("This has been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
-//endif;
+//endif;
?>
<br />
<br />
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><span class="vexpl"><span class="red"><strong>Dialplan
</strong></span></span>
</td>
<td align='right'>
- <input type='button' value='default.xml' onclick="document.location.href='/pkg_edit.php?xml=freeswitch_dialplan.xml&id=0';">
- </td>
+ <input type='button' value='default.xml' onclick="document.location.href='/packages/freeswitch/freeswitch_dialplan.php';">
+ </td>
</tr>
<tr>
<td colspan='2'>
@@ -175,14 +162,14 @@ include("head.inc");
The dialplan is used to setup call destinations based on conditions and context. You can use the dialplan to send calls to gateways, IVRs, external numbers, to scripts, or any destination.
</span>
</td>
-
+
</tr>
</table>
<br />
<br />
- <br />
-
+ <br />
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Extension Name</td>
@@ -199,35 +186,55 @@ include("head.inc");
</td>
</tr>
- <?php
- $i = 0;
- if (count($a_dialplan_includes) > 0) {
- foreach ($a_dialplan_includes as $ent) {
+ <?php
+ //create a temporary id for the array
+ $i = 0;
+ if (count($a_dialplan_includes) > 0) {
+ foreach ($a_dialplan_includes as $ent) {
+ $a_dialplan_includes[$i]['id'] = $i;
+ $i++;
+ }
+ }
+
+ //order the array
+ function cmp_number($a, $b) {
+ if ($a["order"] > $b["order"]) {
+ return 1;
+ }
+ else {
+ return 0;
+ }
+ }
+ if (count($a_public_includes) > 0) { usort($a_dialplan_includes, "cmp_number"); }
+
+ $i = 0;
+ if (count($a_dialplan_includes) > 0) {
+ foreach ($a_dialplan_includes as $ent) {
?>
- <tr>
- <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$i;?>'">
- <?=$ent['extensionname']?>
- </td>
- <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$i;?>'">
- <?=$ent['order']?>
- </td>
- <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$i;?>';">
- <?=$ent['enabled'];?>&nbsp;
- </td>
- <td class="listbg" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$i;?>';">
- <font color="#FFFFFF"><?=htmlspecialchars($ent['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="freeswitch_dialplan_includes_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td><a href="freeswitch_dialplan_includes.php?type=dialplanincludes&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php
- $i++;
+ <tr>
+ <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>'">
+ <?=$ent['extensionname']?>
+ </td>
+ <td class="listlr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>'">
+ <?=$ent['order']?>
+ </td>
+ <td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>';">
+ <?=$ent['enabled'];?>&nbsp;
+ </td>
+ <td class="listbg" ondblclick="document.location='freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>';">
+ <font color="#FFFFFF"><?=htmlspecialchars($ent['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="freeswitch_dialplan_includes_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="freeswitch_dialplan_includes.php?type=dialplanincludes&act=del&id=<?=$ent['id'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php
+ $i++;
}
}
?>
@@ -248,7 +255,7 @@ include("head.inc");
<td class="list"></td>
</tr>
</table>
-
+
</form>
/usr/local/freeswitch/conf/dialplan/default/
@@ -268,4 +275,4 @@ include("head.inc");
<?php include("fend.inc"); ?>
</body>
-</html>
+</html> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_dialplan_includes_details.tmp b/config/freeswitch/freeswitch_dialplan_includes_details.tmp
index 7b14dae4..1504d590 100755
--- a/config/freeswitch/freeswitch_dialplan_includes_details.tmp
+++ b/config/freeswitch/freeswitch_dialplan_includes_details.tmp
@@ -2,11 +2,11 @@
/* $Id$ */
/*
freeswitch_dialplan_includes_details.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp b/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp
index 391d46d7..bd719273 100755..100644
--- a/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp
+++ b/config/freeswitch/freeswitch_dialplan_includes_details_edit.tmp
@@ -1,24 +1,24 @@
-<?php
+<?php
/* $Id$ */
/*
freeswitch_dialplan_includes_details_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -62,9 +62,9 @@ if (isset($_POST['dialplanincludeid'])) {
//tagorder
//1-20
//fieldtype
-
+
//fielddata
-
+
if (isset($id) && $a_dialplan_includes_details[$id]) {
$pconfig['dialplanincludeid'] = $a_dialplan_includes_details[$id]['dialplanincludeid'];
@@ -89,7 +89,7 @@ if ($_POST) {
if (!$input_errors) {
-
+
$ent = array();
$ent['dialplanincludeid'] = $_POST['dialplanincludeid'];
$ent['tag'] = $_POST['tag'];
@@ -103,7 +103,7 @@ if ($_POST) {
$a_dialplan_includes_details[$id] = $ent;
}
else {
- //add
+ //add
$a_dialplan_includes_details[] = $ent;
}
@@ -129,29 +129,16 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), true, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
-
+
+display_top_tabs(build_menu());
+
?>
</td></tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont" >
-
+
<form action="freeswitch_dialplan_includes_details_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
@@ -179,9 +166,9 @@ include("head.inc");
if (tag == "") {
document.getElementById("label_fieldtype").innerHTML = "Type";
document.getElementById("label_fielddata").innerHTML = "Data";
- }
+ }
}
- </script>
+ </script>
<?php
echo " <select name='tag' class='formfld' id='form_tag' onchange='dialplan_include_details_tag_onchange();'>\n";
echo " <option></option>\n";
@@ -209,7 +196,7 @@ include("head.inc");
echo " <option>action</option>\n";
echo " <option>anti-action</option>\n";
//echo " <option selected='yes'>param</option>\n";
- break;
+ break;
default:
echo " <option>condition</option>\n";
echo " <option>action</option>\n";
@@ -217,31 +204,31 @@ include("head.inc");
//echo " <option>param</option>\n";
}
echo " </select>\n";
-
+
//condition
//field expression
//action
- //application
+ //application
//data
//antiaction
- //application
+ //application
//data
//param
//name
//value
-
+
?>
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Type</td>
- <td width="78%" class="vtable">
- <input name="fieldtype" type="text" class="formfld" id="fieldtype" size="40" value="<?=htmlspecialchars($pconfig['fieldtype']);?>">
+ <td width="78%" class="vtable">
+ <input name="fieldtype" type="text" class="formfld" id="fieldtype" size="40" value="<?=htmlspecialchars($pconfig['fieldtype']);?>">
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq" id="label_fielddata">Data</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="fielddata" type="text" class="formfld" id="fielddata" size="40" value="<?=htmlspecialchars($pconfig['fielddata']);?>">
<br> <span class="vexpl"></span></td>
</tr>
@@ -249,16 +236,16 @@ include("head.inc");
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="dialplanincludeid" type="hidden" value="<?=$dialplanincludeid;?>">
- <input name="parentid" type="hidden" value="<?=$parentid;?>">
+ <input name="parentid" type="hidden" value="<?=$parentid;?>">
<?php if (isset($id) && $a_dialplan_includes_details[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
<input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()">
</td>
</tr>
</table>
</form>
-
+
<br />
<br />
<b>Additional Information</b>
@@ -270,7 +257,7 @@ include("head.inc");
<br />
<br />
<br />
-
+
<b>Conditions</b>
<br />
<br />
@@ -287,49 +274,49 @@ include("head.inc");
<li><b>uuid</b> Unique identifier of the current call? (looks like a GUID)</li>
<li><b>source</b> Name of the FreeSwitch module that received the call (e.g. PortAudio)</li>
<li><b>chan_name</b> Name of the current channel (Example: PortAudio/1234). Give us examples when this one can be used.</li>
- <li><b>network_addr</b> IP address of the signalling source for a VoIP call.</li>
+ <li><b>network_addr</b> IP address of the signalling source for a VoIP call.</li>
</ul>
In addition to the above you can also do variables using the syntax ${variable} or api functions using the syntax %{api} {args}
<br />
<br />
- Variables may be used in either the field or the expression, as follows
+ Variables may be used in either the field or the expression, as follows
<br />
<br />
<br />
<br />
-
+
<b>Action and Anti-Actions</b>
<br />
<br />
Actions are executed when the <b>condition matches</b>. Anti-Actions are executed when the <b>condition does NOT match</b>.
Additional information on applications for Actions and Anti-Actions.<br />
- <a href='http://wiki.freeswitch.org/wiki/Modules#Applications' target='_blank'>http://wiki.freeswitch.org/wiki/Modules#Applications</a>
+ <a href='http://wiki.freeswitch.org/wiki/Modules#Applications' target='_blank'>http://wiki.freeswitch.org/wiki/Modules#Applications</a>
<br />
<a href='http://wiki.freeswitch.org/wiki/Dialplan_Functions' target='_blank'>http://wiki.freeswitch.org/wiki/Dialplan_Functions</a>
<br />
<br />
<br />
- The following is a partial list of <b>applications</b>.
+ The following is a partial list of <b>applications</b>.
<ul>
<li><b>answer</b> answer the call</li>
<li><b>bridge</b> bridge the call<li>
<li><b>cond</b></li>
- <li><b>db</b> is a a runtime database either sqlite by default or odbc</li>
+ <li><b>db</b> is a a runtime database either sqlite by default or odbc</li>
<li><b>global_set</b> allows setting of global vars similar to the ones found in vars.xml</li>
<li><b>group</b> allows grouping of several extensions for things like ring groups</li>
<li><b>expr</b></li>
- <li><b>hangup</b> hangs up the call</li>
+ <li><b>hangup</b> hangs up the call</li>
<li><b>info</b> sends call info to the console</li>
<li><b>javascript</b> run javascript .js files</li>
<li><b>playback</b></li>
<li><b>reject</b> reject the call</li>
- <li><b>respond</b></li>
- <li><b>ring_ready</b></li>
+ <li><b>respond</b></li>
+ <li><b>ring_ready</b></li>
<li><b>set</b> set a variable</li>
<li><b>set_user</b></li>
<li><b>sleep</b></li>
- <li><b>sofia_contact</b></li>
+ <li><b>sofia_contact</b></li>
<li><b>transfer</b> transfer the call to another extension or number<li>
<li><b>voicemail</b> send the call to voicemail</li>
</ul>
@@ -342,13 +329,13 @@ include("head.inc");
<b>Param</b>
Example parameters by name and value
<br />
- <a href='http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go' target='_blank'>http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go</a>
+ <a href='http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go' target='_blank'>http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go</a>
<ul>
- <li><b>codec-ms</b> 20</li>
+ <li><b>codec-ms</b> 20</li>
<li><b>codec-prefs</b> PCMU@20i</li>
<li><b>debug</b> 1</li>
<li><b>dialplan</b> XML</li>
- <li><b>dtmf-duration</b> 100</li>
+ <li><b>dtmf-duration</b> 100</li>
<li><b>rfc2833-pt</b>" 101</li>
<li><b>sip-port</b> 5060</li>
<li><b>use-rtp-timer</b> true</li>
@@ -357,13 +344,13 @@ include("head.inc");
<br />
-->
-
+
<br />
<br />
<br />
<br />
<br />
-
+
</td>
</tr>
</table>
diff --git a/config/freeswitch/freeswitch_dialplan_includes_edit.tmp b/config/freeswitch/freeswitch_dialplan_includes_edit.tmp
index e838a277..1901608f 100755..100644
--- a/config/freeswitch/freeswitch_dialplan_includes_edit.tmp
+++ b/config/freeswitch/freeswitch_dialplan_includes_edit.tmp
@@ -1,24 +1,23 @@
-<?php
+<?php
/* $Id$ */
/*
-
freeswitch_dialplan_includes_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -42,7 +41,7 @@ require("/usr/local/pkg/freeswitch.inc");
//default
//enabled
//descr
-
+
//
@@ -88,11 +87,11 @@ if ($_POST) {
if (!$input_errors) {
-
+
$ent = array();
if (strlen($_POST['dialplanincludeid']) > 0) {
//update
- $ent['dialplanincludeid'] = $_POST['dialplanincludeid'];
+ $ent['dialplanincludeid'] = $_POST['dialplanincludeid'];
}
else {
//add
@@ -107,48 +106,48 @@ if ($_POST) {
$ent['opt1name'] = $_POST['opt1name'];
$ent['opt1value'] = $_POST['opt1value'];
-
+
if (isset($id) && $a_dialplan_includes[$id]) {
-
+
if (count($a_dialplan_includes)>0) {
foreach($a_dialplan_includes as $rowhelper) {
-
+
//$rowhelper['dialplanincludeid'];
//$rowhelper['extensionname'];
//$rowhelper['context'];
//$rowhelper['enabled'];
-
+
$filenamechanged = false;
if ($rowhelper['dialplanincludeid'] == $_POST['dialplanincludeid']) {
-
+
if ($rowhelper['extensionname'] != $_POST['extensionname']) {
//if the extension name has changed then remove the current dialplan xml file
//to prepare for the new file
- $filenamechanged = true;
+ $filenamechanged = true;
}
if ($rowhelper['order'] != $_POST['order']) {
//if the order has changed then remove the current dialplan xml file
//to prepare for the new file
- $filenamechanged = true;
- }
+ $filenamechanged = true;
+ }
if ($_POST['enabled'] == "false") {
//if the extension name is disabled then remove the dialplan xml file
$filenamechanged = true;
}
- if ($filenamechanged){
+ if ($filenamechanged){
$dialplanincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml";
if (file_exists("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename)) {
unlink("/usr/local/freeswitch/conf/dialplan/default/".$dialplanincludefilename);
}
unset($dialplanincludefilename);
}
-
+
}
- unset($filenamechanged);
-
+ unset($filenamechanged);
+
} //end foreach
} //end count
-
+
//update the config
$a_dialplan_includes[$id] = $ent;
}
@@ -181,21 +180,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), true, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -203,8 +189,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont" >
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Dialplan:<br>
</strong></span>
@@ -218,27 +204,27 @@ include("head.inc");
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Extension Name</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="extensionname" type="text" class="formfld" id="extensionname" size="40" value="<?=htmlspecialchars($pconfig['extensionname']);?>">
<br />
- Supported characters are 'a-z', 'A-Z', '0-9', underscore '_', and period '.'.
+ Supported characters are 'a-z', 'A-Z', '0-9', underscore '_', and period '.'.
</td>
</tr>
<!--
<tr>
<td width="22%" valign="top" class="vncellreq">Context</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>">
<br />
e.g. default
</td>
</tr>
-->
-
+
<tr>
<td width="22%" valign="top" class="vncellreq">Enabled</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
echo " <select name='enabled' class='formfld'>\n";
echo " <option></option>\n";
switch (htmlspecialchars($pconfig['enabled'])) {
@@ -256,30 +242,30 @@ include("head.inc");
echo " <option value='false'>false</option>\n";
}
echo " </select>\n";
- ?>
+ ?>
</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncellreq">Order</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php
-
+
echo " <select name='order' class='formfld'>\n";
- echo " <option></option>\n";
+ //echo " <option></option>\n";
if (strlen(htmlspecialchars($pconfig['order']))> 0) {
- echo " <option selected='yes' value='".htmlspecialchars($pconfig['order'])."'>".htmlspecialchars($pconfig['order'])."</option>\n";
+ echo " <option selected='yes' value='".htmlspecialchars($pconfig['order'])."'>".htmlspecialchars($pconfig['order'])."</option>\n";
}
$i=0;
while($i<=999) {
- if (strlen($i) == 1) {
+ if (strlen($i) == 1) {
echo " <option value='00$i'>00$i</option>\n";
}
if (strlen($i) == 2) {
echo " <option value='0$i'>0$i</option>\n";
}
if (strlen($i) == 3) {
- echo " <option value='$i'>$i</option>\n";
+ echo " <option value='$i'>$i</option>\n";
}
$i++;
@@ -287,24 +273,24 @@ include("head.inc");
echo " </select>\n";
?>
<br />
- Processing of each dialplan include is determined by this order.
+ Processing of each dialplan include is determined by this order.
</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="dialplanincludeid" type="hidden" value="<?=htmlspecialchars($pconfig['dialplanincludeid']);?>">
- <?php
+ <?php
if (strlen($id) > 0 && $a_dialplan_includes[$id]) {
- echo "\n";
+ echo "\n";
echo " <input name=\"id\" type=\"hidden\" value=\"$id\">\n";
echo " <input name=\"opt1name\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1name'])."\">\n";
echo " <input name=\"opt1value\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1value'])."\">\n";
@@ -315,36 +301,36 @@ include("head.inc");
</tr>
</table>
</form>
-
+
<br>
<br>
<form action="freeswitch_dialplan_includes_edit.php" method="post" name="iform2" id="iform2">
- <?php
-
+ <?php
+
//echo "<pre>";
//print_r ($a_dialplan_includes);
//echo "</pre>";
-
- //if ($savemsg) print_info_box($savemsg);
+
+ //if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
- //endif;
-
+ //endif;
+
?>
-
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Conditions and Actions<br />
</strong></span>
- The following conditions, actions and anti-actions are used in the dialplan to direct call flow. Each is processed in order until you reach the action tag which tells FreeSWITCH what action to perform. You are not limited to only one condition or action tag for a given extension.
+ The following conditions, actions and anti-actions are used in the dialplan to direct call flow. Each is processed in order until you reach the action tag which tells FreeSWITCH what action to perform. You are not limited to only one condition or action tag for a given extension.
</span></p></td>
</tr>
</table>
<br />
-
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Tag</td>
@@ -358,13 +344,13 @@ include("head.inc");
</tr>
</table>
</td>
- </tr>
-
- <?php
-
+ </tr>
+
+ <?php
+
$i = 0;
if (count($a_dialplan_include_details) > 0) {
-
+
foreach ($a_dialplan_include_details as $ent) {
if ($ent['tag'] == "condition" && $dialplanincludeid == $ent['dialplanincludeid']) {
?>
@@ -377,7 +363,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';">
<?=$ent['fielddata'];?>&nbsp;
- </td>
+ </td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -387,15 +373,15 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
}
-
+
$i = 0;
if (count($a_dialplan_include_details) > 0) {
-
+
foreach ($a_dialplan_include_details as $ent) {
if ($ent['tag'] == "action" && $dialplanincludeid == $ent['dialplanincludeid']) {
?>
@@ -408,7 +394,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';">
<?=$ent['fielddata'];?>&nbsp;
- </td>
+ </td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -418,15 +404,15 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
}
-
+
$i = 0;
if (count($a_dialplan_include_details) > 0) {
-
+
foreach ($a_dialplan_include_details as $ent) {
if ($ent['tag'] == "anti-action" && $dialplanincludeid == $ent['dialplanincludeid']) {
?>
@@ -439,7 +425,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';">
<?=$ent['fielddata'];?>&nbsp;
- </td>
+ </td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -449,15 +435,15 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
}
-
+
$i = 0;
if (count($a_dialplan_include_details) > 0) {
-
+
foreach ($a_dialplan_include_details as $ent) {
if ($ent['tag'] == "param" && $dialplanincludeid == $ent['dialplanincludeid']) {
?>
@@ -470,7 +456,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_dialplan_includes_details_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&dialplanincludeid=<?=$dialplanincludeid;?>';">
<?=$ent['fielddata'];?>&nbsp;
- </td>
+ </td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -480,11 +466,11 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
- }
+ }
?>
<tr>
<td class="list" colspan="3"></td>
@@ -504,14 +490,14 @@ include("head.inc");
<td class="list"></td>
</tr>
</table>
-
+
</form>
-
-
+
+
+ <br>
<br>
- <br>
</td>
</tr>
diff --git a/config/freeswitch/freeswitch_extensions.tmp b/config/freeswitch/freeswitch_extensions.tmp
index ca6f3d73..8ef415fd 100755..100644
--- a/config/freeswitch/freeswitch_extensions.tmp
+++ b/config/freeswitch/freeswitch_extensions.tmp
@@ -4,7 +4,7 @@
freeswitch_extensions.php
Copyright (C) 2008 Mark J Crane
All rights reserved.
-
+
FreeSWITCH (TM)
http://www.freeswitch.org/
@@ -38,7 +38,8 @@ $a_extensions = &$config['installedpackages']['freeswitchextensions']['confi
if ($_GET['act'] == "del") {
if ($_GET['type'] == 'extensions') {
- if ($a_extensions[$_GET['id']]) {
+ if ($a_extensions[$_GET['id']]) {
+ unlink("/usr/local/freeswitch/conf/directory/default/".$_GET['extension'].".xml");
unset($a_extensions[$_GET['id']]);
write_config();
header("Location: freeswitch_extensions.php");
@@ -60,21 +61,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), true, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -85,21 +73,21 @@ include("head.inc");
<td class="tabcont" >
<form action="freeswitch_extensions.php" method="post" name="iform" id="iform">
-<?php
+<?php
if ($config_change == 1) {
write_config();
- $config_change = 0;
+ $config_change = 0;
}
-//if ($savemsg) print_info_box($savemsg);
+//if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH extensions have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
-//endif;
+//endif;
?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Extensions<br>
</strong></span>
@@ -128,46 +116,66 @@ if ($config_change == 1) {
</tr>
- <?php
-
+ <?php
+
+ //create a temporary id for the array
+ $i = 0;
+ if (count($a_extensions) > 0) {
+ foreach ($a_extensions as $ent) {
+ $a_extensions[$i]['id'] = $i;
+ $i++;
+ }
+ }
+
+ //order the array
+ function cmp_number($a, $b) {
+ if ($a["extension"] > $b["extension"]) {
+ return 1;
+ }
+ else {
+ return 0;
+ }
+ }
+ if (count($a_extensions) > 0) { usort($a_extensions, "cmp_number"); }
+
$i = 0;
if (count($a_extensions) > 0) {
foreach ($a_extensions as $ent) {
-
+
?>
<tr>
- <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$i;?>';">
+ <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$ent['id'];?>';">
<?=$ent['extension'];?>&nbsp;
- </td>
- <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$i;?>';">
+ </td>
+ <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$ent['id'];?>';">
<?=$ent['vm-mailto'];?>&nbsp;
</td>
- <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$i;?>';">
+ <td class="listr" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$ent['id'];?>';">
<?=$ent['callgroup'];?>&nbsp;
- </td>
- <td class="listbg" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$i;?>';">
+ </td>
+ <td class="listbg" ondblclick="document.location='freeswitch_extensions_edit.php?id=<?=$ent['id'];?>';">
<font color="#FFFFFF"><?=htmlspecialchars($ent['description']);?>&nbsp;
</td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td valign="middle"><a href="freeswitch_extensions_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td><a href="freeswitch_extensions.php?type=extensions&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle"><a href="freeswitch_extensions_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="freeswitch_extensions.php?type=extensions&act=del&id=<?=$ent['id'];?>&extension=<?=$ent['extension'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
</tr>
- <?php
+ <?php
- $i++;
+ $i++;
}
}
?>
<tr>
<td class="list" colspan="4"></td>
- <td class="list">
+ <td class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td width="17"></td>
@@ -183,7 +191,7 @@ if ($config_change == 1) {
<td class="list"></td>
</tr>
</table>
-
+
</form>
@@ -206,4 +214,4 @@ if ($config_change == 1) {
<?php include("fend.inc"); ?>
</body>
-</html>
+</html> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_extensions.xml b/config/freeswitch/freeswitch_extensions.xml
deleted file mode 100755
index 1e3c13a4..00000000
--- a/config/freeswitch/freeswitch_extensions.xml
+++ /dev/null
@@ -1,225 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
-
- freeswitch_extensions.xml
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>freeswitchextensions</name>
- <version>0.1</version>
- <title>FreeSWITCH: Extensions</title>
- <include_file>/usr/local/pkg/freeswitch.inc</include_file>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=freeswitch.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Dialplan</text>
- <url>/freeswitch/freeswitch_dialplan_includes.php</url>
- </tab>
- <tab>
- <text>Extensions</text>
- <url>/freeswitch/freeswitch_extensions.php</url>
- <active/>
- </tab>
- <tab>
- <text>External</text>
- <url>/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Gateways</text>
- <url>/freeswitch/freeswitch_gateways.php</url>
- </tab>
- <tab>
- <text>Internal</text>
- <url>/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>IVR</text>
- <url>/freeswitch/freeswitch_ivr.php</url>
- </tab>
- <tab>
- <text>Modules</text>
- <url>/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Public</text>
- <url>/freeswitch/freeswitch_public_includes.php</url>
- </tab>
- <tab>
- <text>Rec</text>
- <url>/freeswitch/freeswitch_recordings.php</url>
- </tab>
- <tab>
- <text>Status</text>
- <url>/freeswitch/freeswitch_status.php</url>
- </tab>
- <tab>
- <text>Vars</text>
- <url>/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</url>
- </tab>
- </tabs>
- <configpath>installedpackages->package->$packagename->configuration->extensions</configpath>
- <adddeleteeditpagefields>
- <columnitem>
- <fielddescr>Extension</fielddescr>
- <fieldname>extension</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>Mailbox</fielddescr>
- <fieldname>mailbox</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>Description</fielddescr>
- <fieldname>description</fieldname>
- </columnitem>
- </adddeleteeditpagefields>
- <fields>
- <field>
- <fielddescr>Extension</fielddescr>
- <fieldname>extension</fieldname>
- <description>Enter the extension here. The default configuration expects extension numbers between 1001 -1019. To use additional numbers for the extensions by adjusting the dialplan. In the in the dialplan under name="Local_Extension" adjust the regular expression="^(10[01][0-9])$".</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Enter the password here.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Mailbox</fielddescr>
- <fieldname>mailbox</fieldname>
- <description>Enter the mailbox here. Example: extension 1001 then mailbox 1001</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Voicemail Password</fielddescr>
- <fieldname>vm-password</fieldname>
- <description>Enter the voicemail password here.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Account Code</fielddescr>
- <fieldname>accountcode</fieldname>
- <description>Enter the account code here. Example: extension 1001 then accountcode 1001</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Effective Caller ID Name</fielddescr>
- <fieldname>effective_caller_id_name</fieldname>
- <description>Enter the effective caller id name here.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Effective Caller ID Number</fielddescr>
- <fieldname>effective_caller_id_number</fieldname>
- <description>Enter the effective caller id number here.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Outbound Caller ID Name</fielddescr>
- <fieldname>outbound_caller_id_name</fieldname>
- <description>Enter the outbound caller id name here.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Outbound Caller ID Number</fielddescr>
- <fieldname>outbound_caller_id_number</fieldname>
- <description>Enter the outbound caller id number here.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Voicemail Mail To</fielddescr>
- <fieldname>vm-mailto</fieldname>
- <description>Optional: Enter the email address to send voicemail to.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Voicemail Attach File</fielddescr>
- <fieldname>vm-attach-file</fieldname>
- <description>Choose whether to attach the file to the email.</description>
- <type>select</type>
- <options>
- <option>
- <name>true</name>
- <value>true</value>
- </option>
- <option>
- <name>false</name>
- <value>false</value>
- </option>
- </options>
- </field>
-
- <field>
- <fielddescr>User Context</fielddescr>
- <fieldname>user_context</fieldname>
- <description>Enter the user context here. Example: default</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Extension Description</fielddescr>
- <fieldname>description</fieldname>
- <description>Enter the description of the extension here.</description>
- <type>input</type>
- </field>
- </fields>
- <custom_add_php_command>
- </custom_add_php_command>
- <custom_php_resync_config_command>
- sync_package_freeswitch_extensions();
- </custom_php_resync_config_command>
- <custom_delete_php_command>
- sync_package_freeswitch_extensions();
- </custom_delete_php_command>
- <custom_php_deinstall_command>
- </custom_php_deinstall_command>
-</packagegui> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_extensions_edit.tmp b/config/freeswitch/freeswitch_extensions_edit.tmp
index aeaaf4bc..deb7a597 100755..100644
--- a/config/freeswitch/freeswitch_extensions_edit.tmp
+++ b/config/freeswitch/freeswitch_extensions_edit.tmp
@@ -1,24 +1,23 @@
-<?php
+<?php
/* $Id$ */
/*
-
freeswitch_extensions_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -96,7 +95,7 @@ if ($_POST) {
$a_extensions[$id] = $ent;
}
else {
- //add
+ //add
$a_extensions[] = $ent;
}
@@ -132,21 +131,8 @@ function show_advanced_config() {
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), true, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -156,64 +142,64 @@ function show_advanced_config() {
<td class="tabcont" >
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Extension Setup<br>
</strong></span>
- /usr/local/freeswitch/conf/directory/default/
+ /usr/local/freeswitch/conf/directory/default/
</p></td>
</tr>
</table>
<br />
-
+
<form action="freeswitch_extensions_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="25%" valign="top" class="vncellreq">Extension</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="extension" type="text" class="formfld unknown" id="extension" size="40" value="<?=htmlspecialchars($pconfig['extension']);?>">
<br><span class="vexpl">Enter the extension here. The default configuration expects extension numbers between 1000 -1019. To use 3 digit extensions adjust the dialplan 'default.xml' under name="Local_Extension" change the regular expression="^(10[01][0-9])$" to expression="^(\d{3})$".<br></span>
</td>
- </tr>
+ </tr>
<tr>
<td width="25%" valign="top" class="vncellreq">Password</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="password" type="password" class="formfld pwd" id="password" size="40" value="<?=htmlspecialchars($pconfig['password']);?>">
<br><span class="vexpl">Enter the password here.<br></span>
</td>
- </tr>
+ </tr>
<tr>
<td width="25%" valign="top" class="vncellreq">Mailbox</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="mailbox" type="text" class="formfld unknown" id="mailbox" size="40" value="<?=htmlspecialchars($pconfig['mailbox']);?>">
<br><span class="vexpl">Enter the mailbox here. Example: extension 1001 then mailbox 1001<br></span>
</td>
</tr>
<tr>
<td width="25%" valign="top" class="vncellreq">Voicemail Password</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="vm-password" type="password" class="formfld pwd" id="vm-password" size="40" value="<?=htmlspecialchars($pconfig['vm-password']);?>">
<br><span class="vexpl">Enter the voicemail password here.<br></span>
</td>
</tr>
<tr>
<td width="25%" valign="top" class="vncellreq">Account Code</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="accountcode" type="text" class="formfld unknown" id="accountcode" size="40" value="<?=htmlspecialchars($pconfig['accountcode']);?>">
<br><span class="vexpl">Enter the account code here. Example: extension 1001 then accountcode 1001<br></span>
</td>
</tr>
<tr>
<td width="25%" valign="top" class="vncellreq" nowrap>Effective Caller ID Name</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="effective_caller_id_name" type="text" class="formfld unknown" id="effective_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_name']);?>">
<br><span class="vexpl">Enter the effective caller id name here.<br></span>
</td>
</tr>
<tr>
<td width="25%" valign="top" class="vncellreq" nowrap>Effective Caller ID Number</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="effective_caller_id_number" type="text" class="formfld unknown" id="effective_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['effective_caller_id_number']);?>">
<br><span class="vexpl">Enter the effective caller id number here.<br></span>
</td>
@@ -221,14 +207,14 @@ function show_advanced_config() {
<!--
<tr>
<td width="25%" valign="top" class="vncellreq" nowrap>Outbound Caller ID Name</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="outbound_caller_id_name" type="text" class="formfld unknown" id="outbound_caller_id_name" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_name']);?>">
<br><span class="vexpl">Enter the outbound caller id name here.<br></span>
</td>
</tr>
<tr>
<td width="25%" valign="top" class="vncellreq" nowrap>Outbound Caller ID Number</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="outbound_caller_id_number" type="text" class="formfld unknown" id="outbound_caller_id_number" size="40" value="<?=htmlspecialchars($pconfig['outbound_caller_id_number']);?>">
<br><span class="vexpl">Enter the outbound caller id number here.<br></span>
</td>
@@ -236,15 +222,15 @@ function show_advanced_config() {
-->
<tr>
<td width="25%" valign="top" class="vncellreq" nowrap>Voicemail Mail To</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="vm-mailto" type="text" class="formfld unknown" id="vm-mailto" size="40" value="<?=htmlspecialchars($pconfig['vm-mailto']);?>">
<br><span class="vexpl">Optional: Enter the email address to send voicemail to.<br></span>
</td>
</tr>
<tr>
<td width="25%" valign="top" class="vncellreq" nowrap>Voicemail Attach File</td>
- <td width="75%" class="vtable">
- <?php
+ <td width="75%" class="vtable">
+ <?php
echo " <select name='vm-attach-file' class='formfld unknown'>\n";
echo " <option></option>\n";
switch (htmlspecialchars($pconfig['vm-attach-file'])) {
@@ -262,31 +248,31 @@ function show_advanced_config() {
echo " <option value='false'>false</option>\n";
}
echo " </select>\n";
- ?>
+ ?>
Choose whether to attach the file to the email.
</td>
</tr>
<tr>
<td width="25%" valign="top" class="vncellreq">User Context</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="user_context" type="text" class="formfld unknown" id="user_context" size="40" value="<?=htmlspecialchars($pconfig['user_context']);?>">
<br><span class="vexpl">Enter the user context here. Example: default<br></span>
</td>
</tr>
<tr>
<td width="25%" valign="top" class="vncellreq">Call Group</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="callgroup" type="text" class="formfld unknown" id="callgroup" size="40" value="<?=htmlspecialchars($pconfig['callgroup']);?>">
<br><span class="vexpl">Enter the user call group here. Example: sales, support<br></span>
</td>
- </tr>
+ </tr>
</table>
-
+
<div id="showadvancedbox">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="25%" valign="top" class="vncell">Show Advanced</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input type="button" onClick="show_advanced_config()" value="Advanced"></input></a>
</td>
</tr>
@@ -296,25 +282,25 @@ function show_advanced_config() {
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="25%" valign="top" class="vncell">Auth-ACL</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="auth-acl" type="text" class="formfld unknown" id="auth-acl" size="40" value="<?=htmlspecialchars($pconfig['auth-acl']);?>">
<br> <span class="vexpl">Enter the auth acl here.<br></span>
</td>
</tr>
<tr>
<td valign="top" class="vncell">CIDR</td>
- <td class="vtable">
+ <td class="vtable">
<input name="cidr" type="text" class="formfld unknown" id="cidr" size="40" value="<?=htmlspecialchars($pconfig['cidr']);?>">
<br> <span class="vexpl">Enter the cidr here.<br></span>
</td>
- </tr>
- </table>
+ </tr>
+ </table>
</div>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="25%" valign="top" class="vncellreq">Extension Description</td>
- <td width="75%" class="vtable">
+ <td width="75%" class="vtable">
<input name="description" type="text" class="formfld unknown" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>">
<br><span class="vexpl">Enter the description of the extension here.<br></span>
</td>
diff --git a/config/freeswitch/freeswitch_external.xml b/config/freeswitch/freeswitch_external.xml
deleted file mode 100755
index 7dd2d65b..00000000
--- a/config/freeswitch/freeswitch_external.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
-
- freeswitch_external.xml
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>freeswitchexternal</name>
- <version>0.1</version>
- <title>FreeSWITCH: External</title>
- <aftersaveredirect>pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</aftersaveredirect>
- <include_file>/usr/local/pkg/freeswitch.inc</include_file>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=freeswitch.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Dialplan</text>
- <url>/freeswitch/freeswitch_dialplan_includes.php</url>
- </tab>
- <tab>
- <text>Extensions</text>
- <url>/freeswitch/freeswitch_extensions.php</url>
- </tab>
- <tab>
- <text>External</text>
- <url>/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>Gateways</text>
- <url>/freeswitch/freeswitch_gateways.php</url>
- </tab>
- <tab>
- <text>Internal</text>
- <url>/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>IVR</text>
- <url>/freeswitch/freeswitch_ivr.php</url>
- </tab>
- <tab>
- <text>Modules</text>
- <url>/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Public</text>
- <url>/freeswitch/freeswitch_public_includes.php</url>
- </tab>
- <tab>
- <text>Rec</text>
- <url>/freeswitch/freeswitch_recordings.php</url>
- </tab>
- <tab>
- <text>Status</text>
- <url>/freeswitch/freeswitch_status.php</url>
- </tab>
- <tab>
- <text>Vars</text>
- <url>/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</url>
- </tab>
- </tabs>
- <configpath>installedpackages->package->$packagename->configuration->freeswitchexternal</configpath>
- <fields>
- <field>
- <fielddescr>&lt;b&gt;External&lt;/b&gt; &lt;br /&gt; &lt;br /&gt;SIP external profile for outbound registrations.</fielddescr>
- <fieldname>external_xml</fieldname>
- <description>&lt;br /&gt;Path: /usr/local/freeswitch/conf/sip_profiles/external.xml &lt;br /&gt;&lt;br /&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <wrap>off</wrap>
- <size>30</size>
- <cols>70</cols>
- <rows>33</rows>
- </field>
- </fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_after_head_command>
- sync_package_freeswitch_external();
- </custom_php_after_head_command>
- <custom_php_after_form_command>
- </custom_php_after_form_command>
- <custom_php_validation_command>
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- sync_package_freeswitch_external();
- </custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_features.tmp b/config/freeswitch/freeswitch_features.tmp
new file mode 100644
index 00000000..c55e4aa4
--- /dev/null
+++ b/config/freeswitch/freeswitch_features.tmp
@@ -0,0 +1,187 @@
+<?php
+/* $Id$ */
+/*
+ freeswitch_extensions.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/freeswitch.inc");
+
+$a_extensions = &$config['installedpackages']['freeswitchextensions']['config'];
+
+
+if ($_GET['act'] == "del") {
+ if ($_GET['type'] == 'extensions') {
+ if ($a_extensions[$_GET['id']]) {
+ unset($a_extensions[$_GET['id']]);
+ write_config();
+ header("Location: freeswitch_extensions.php");
+ exit;
+ }
+ }
+}
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">FreeSWITCH: Extensions</p>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+display_top_tabs(build_menu());
+
+?>
+</td></tr>
+</table>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+ <!--
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td><p><span class="vexpl"><span class="red"><strong>Features<br>
+ </strong></span>
+ List of a few of the features.
+ </p></td>
+ </tr>
+ </table>
+ <br />-->
+
+ <br />
+ <br />
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="listtopic" colspan='2'>Auto Attendant</td>
+ </tr>
+ <tr>
+ <td width='10%' class="vncell"><a href='freeswitch_ivr.php'>Open</a></td>
+ <td class="vtable">
+ An interactive voice response (IVR) often refered to as an Auto Attendant.
+ It associates a recording to multiple options that can be used to direct
+ calls to extensions, voicemail, queues, other IVR applications, and external
+ phone numbers.
+ </td>
+ </tr>
+ </table>
+
+ <br />
+ <br />
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="listtopic" colspan='2'>Direct Inward System Access</td>
+ </tr>
+ <tr>
+ <td width='10%' class="vncell"></td>
+ <td class="vtable">
+ Direct Inward System Access (DISA) allows inbound callers to make internal or external calls. For security reasons it is disabled by default.
+ To enable it first set a secure pin number from the Settings->Admin PIN Number.
+ Then go to Dialplan tab and find the DISA entry and edit it to set 'Enabled' to 'true'.
+ To use DISA dial *3427 (disa) enter the admin pin code and the extension or phone number you wish to call.
+ </td>
+ </tr>
+ </table>
+
+ <br />
+ <br />
+
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="listtopic" colspan='2'>Modules</td>
+ </tr>
+ <tr>
+ <td width='10%' class="vncell"><a href='/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0'>Open</a></td>
+ <td class="vtable">
+ Modules add additional features and can be enabled or disabled to provide the desired features.
+ </td>
+ </tr>
+ </table>
+
+ <br />
+ <br />
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="listtopic" colspan='2'>Music on Hold</td>
+ </tr>
+ <tr>
+ <td width='10%' class="vncell"><a href='freeswitch_recordings.php'>Open</a></td>
+ <td class="vtable">
+ Music on hold can be in WAV or MP3 format. To play an MP3 files you must have mod_shout enabled on the 'Modules' tab.
+ For best performance upload 16bit 8khz/16khz Mono WAV files.
+ </td>
+ </tr>
+ </table>
+
+ <br />
+ <br />
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="listtopic" colspan='2'>Recordings</td>
+ </tr>
+ <tr>
+ <td width='10%' class="vncell"><a href='freeswitch_recordings.php'>Open</a></td>
+ <td class="vtable">
+ To make a recording dial *732673 (record) or you can make a 16bit 8khz/16khz
+ Mono WAV file then copy it to the following directory then refresh the page to play
+ it back. Click on the 'Filename' to download it or the 'Recording Name' to play the audio.
+ </td>
+ </tr>
+ </table>
+
+<br />
+<br />
+<br />
+<br />
+<br />
+<br />
+<br />
+<br />
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/freeswitch/freeswitch_gateways.tmp b/config/freeswitch/freeswitch_gateways.tmp
index 75718a7c..279be301 100755..100644
--- a/config/freeswitch/freeswitch_gateways.tmp
+++ b/config/freeswitch/freeswitch_gateways.tmp
@@ -2,11 +2,11 @@
/* $Id$ */
/*
freeswitch_gateways.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -38,7 +38,8 @@ $a_gateways = &$config['installedpackages']['freeswitchgateways']['config'];
if ($_GET['act'] == "del") {
if ($_GET['type'] == 'gateways') {
- if ($a_gateways[$_GET['id']]) {
+ if ($a_gateways[$_GET['id']]) {
+ unlink("/usr/local/freeswitch/conf/sip_profiles/external/".$_GET['gateway'].".xml");
unset($a_gateways[$_GET['id']]);
write_config();
header("Location: freeswitch_gateways.php");
@@ -60,21 +61,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), true, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -85,21 +73,21 @@ include("head.inc");
<td class="tabcont" >
<form action="freeswitch_gateways.php" method="post" name="iform" id="iform">
-<?php
+<?php
if ($config_change == 1) {
write_config();
- $config_change = 0;
+ $config_change = 0;
}
-//if ($savemsg) print_info_box($savemsg);
+//if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH gateways have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
-//endif;
+//endif;
?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Gateways<br>
</strong></span>
@@ -108,7 +96,7 @@ if ($config_change == 1) {
</tr>
</table>
<br />
-
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Gateway</td>
@@ -128,46 +116,60 @@ if ($config_change == 1) {
</tr>
- <?php
-
+ <?php
+ //create a temporary id for the array
+ $i = 0;
+ if (count($a_gateways) > 0) {
+ foreach ($a_gateways as $ent) {
+ $a_gateways[$i]['id'] = $i;
+ $i++;
+ }
+ }
+
+ //order the array
+ function cmp_string($a, $b) {
+ return strcmp($a["gateway"], $b["gateway"]);
+ }
+ if (count($a_gateways) > 0) { usort($a_gateways, "cmp_string"); }
+
$i = 0;
if (count($a_gateways) > 0) {
foreach ($a_gateways as $ent) {
-
+
?>
<tr>
- <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$i;?>';">
+ <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$ent['id'];?>';">
<?=$ent['gateway'];?>&nbsp;
- </td>
- <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$i;?>';">
+ </td>
+ <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$ent['id'];?>';">
<?=$ent['context'];?>&nbsp;
</td>
- <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$i;?>';">
+ <td class="listr" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$ent['id'];?>';">
<?=$ent['enabled'];?>&nbsp;
- </td>
- <td class="listbg" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$i;?>';">
+ </td>
+ <td class="listbg" ondblclick="document.location='freeswitch_gateways_edit.php?id=<?=$ent['id'];?>';">
<font color="#FFFFFF"><?=htmlspecialchars($ent['description']);?>&nbsp;
</td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td valign="middle"><a href="freeswitch_gateways_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td><a href="freeswitch_gateways.php?type=gateways&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle"><a href="freeswitch_gateways_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="freeswitch_gateways.php?type=gateways&act=del&id=<?=$ent['id'];?>&gateway=<?=$ent['gateway'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
</tr>
- <?php
+ <?php
- $i++;
+ $i++;
}
}
?>
<tr>
<td class="list" colspan="4"></td>
- <td class="list">
+ <td class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td width="17"></td>
@@ -183,7 +185,7 @@ if ($config_change == 1) {
<td class="list"></td>
</tr>
</table>
-
+
</form>
@@ -206,4 +208,4 @@ if ($config_change == 1) {
<?php include("fend.inc"); ?>
</body>
-</html>
+</html> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_gateways_edit.tmp b/config/freeswitch/freeswitch_gateways_edit.tmp
index 030f88cf..ea2b7efe 100755..100644
--- a/config/freeswitch/freeswitch_gateways_edit.tmp
+++ b/config/freeswitch/freeswitch_gateways_edit.tmp
@@ -1,24 +1,24 @@
-<?php
+<?php
/* $Id$ */
/*
freeswitch_gateways_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -104,7 +104,7 @@ if ($_POST) {
$a_gateways[$id] = $ent;
}
else {
- //add
+ //add
$a_gateways[] = $ent;
}
@@ -115,46 +115,46 @@ if ($_POST) {
$gatewayid = $_POST['gatewayid'];
$gateway = $_POST['gateway'];
$context = $_POST['context'];
-
+
$default_area_code = &$config['installedpackages']['freeswitchsettings']['config'][0]['default_area_code'];
$a_dialplan_includes = &$config['installedpackages']['freeswitchdialplanincludes']['config'];
- $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config'];
+ $a_dialplan_include_details = &$config['installedpackages']['freeswitchdialplanincludedetails']['config'];
-
+
$tmp_array = split("\\\n", $_POST['dialplan_expression']);
foreach($tmp_array as $dialplan_expression) {
-
+
$dialplan_expression = trim($dialplan_expression);
if (strlen($dialplan_expression)>0) {
-
- switch ($dialplan_expression) {
+
+ switch ($dialplan_expression) {
case "^(\d{7})$":
$action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1";
$label = "7 digits";
- $abbrv = "7d";
- break;
+ $abbrv = "7d";
+ break;
case "^(\d{10})$":
$action_data = "sofia/gateway/".$gateway."/1\$1";
$label = "10 digits";
- $abbrv = "10d";
+ $abbrv = "10d";
break;
case "^(\d{11})$":
$action_data = "sofia/gateway/".$gateway."/\$1";
$label = "11 digits";
$abbrv = "11d";
break;
- case "^311$":
+ case "^(311)$":
$action_data = "sofia/gateway/".$gateway."/\$1";
$label = "311";
$abbrv = "311";
break;
- case "^411$":
+ case "^(411)$":
$action_data = "sofia/gateway/".$gateway."/\$1";
- $label = "411";
+ $label = "411";
$abbrv = "411";
- break;
- case "^911$":
+ break;
+ case "^(911)$":
$action_data = "sofia/gateway/".$gateway."/\$1";
$label = "911";
$abbrv = "911";
@@ -162,17 +162,17 @@ if ($_POST) {
case "^9(\d{3})$":
$action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1";
$label = "dial 9, 3 digits";
- $abbrv = "9.3d";
+ $abbrv = "9.3d";
break;
case "^9(\d{4})$":
$action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1";
$label = "dial 9, 4 digits";
- $abbrv = "9.4d";
- break;
+ $abbrv = "9.4d";
+ break;
case "^9(\d{7})$":
$action_data = "sofia/gateway/".$gateway."/1".$default_area_code."\$1";
$label = "dial 9, 7 digits";
- $abbrv = "9.7d";
+ $abbrv = "9.7d";
break;
case "^9(\d{10})$":
$action_data = "sofia/gateway/".$gateway."/\$1";
@@ -194,39 +194,39 @@ if ($_POST) {
$label = $dialplan_expression;
$abbrv = $dialplan_expression;
}
-
+
$dialplanincludeid = guid();
$ent['dialplanincludeid'] = $dialplanincludeid;
- $ent['extensionname'] = $gateway.".".$abbrv;
- $ent['order'] = '9002'; //if update use the existing order number and extension name and desc
- $ent['context'] = $context;
- $ent['enabled'] = 'true';
- $ent['descr'] = $label.' '.$gateway;
- $ent['opt1name'] = 'gatewayid';
- $ent['opt1value'] = $gatewayid;
- $a_dialplan_includes[] = $ent;
- unset($ent);
+ $ent['extensionname'] = $gateway.".".$abbrv;
+ $ent['order'] = '9002'; //if update use the existing order number and extension name and desc
+ $ent['context'] = $context;
+ $ent['enabled'] = 'true';
+ $ent['descr'] = $label.' '.$gateway;
+ $ent['opt1name'] = 'gatewayid';
+ $ent['opt1value'] = $gatewayid;
+ $a_dialplan_includes[] = $ent;
+ unset($ent);
$ent = array();
$ent['dialplanincludeid'] = $dialplanincludeid;
$ent['tag'] = 'condition'; //condition, action, antiaction
$ent['fieldtype'] = 'destination_number';
$ent['fielddata'] = $dialplan_expression;
- $a_dialplan_include_details[] = $ent;
- unset($ent);
+ $a_dialplan_include_details[] = $ent;
+ unset($ent);
$ent = array();
$ent['dialplanincludeid'] = $dialplanincludeid;
$ent['tag'] = 'action'; //condition, action, antiaction
$ent['fieldtype'] = 'bridge';
$ent['fielddata'] = $action_data;
- $a_dialplan_include_details[] = $ent;
- unset($ent);
-
- unset($label);
- unset($abbrv);
- unset($dialplan_expression);
- unset($action_data);
+ $a_dialplan_include_details[] = $ent;
+ unset($ent);
+
+ unset($label);
+ unset($abbrv);
+ unset($dialplan_expression);
+ unset($action_data);
} //if strlen
} //end for each
}
@@ -273,21 +273,8 @@ function show_advanced_config() {
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), true, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -297,7 +284,7 @@ function show_advanced_config() {
<td class="tabcont" >
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Gateway Setup<br>
</strong></span>
@@ -307,69 +294,69 @@ function show_advanced_config() {
</tr>
</table>
<br />
-
+
<form action="freeswitch_gateways_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Gateway</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="gateway" type="text" class="formfld" id="gateway" size="40" value="<?=htmlspecialchars($pconfig['gateway']);?>">
<br><span class="vexpl">Enter the gateway name here.<br></span>
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Username</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="username" type="text" class="formfld" id="username" size="40" value="<?=htmlspecialchars($pconfig['username']);?>">
<br><span class="vexpl">Enter the username here.<br></span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Password</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="password" type="password" class="formfld" id="password" size="40" value="<?=htmlspecialchars($pconfig['password']);?>">
<br><span class="vexpl">Enter the password here.<br></span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">From-user</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="from-user" type="text" class="formfld" id="from-user" size="40" value="<?=htmlspecialchars($pconfig['from-user']);?>">
<br><span class="vexpl">Enter the from-user here.<br></span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">From-domain</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="from-domain" type="text" class="formfld" id="from-domain" size="40" value="<?=htmlspecialchars($pconfig['from-domain']);?>">
<br><span class="vexpl">Enter the from-domain here.<br></span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Proxy</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="proxy" type="text" class="formfld" id="proxy" size="40" value="<?=htmlspecialchars($pconfig['proxy']);?>">
<br><span class="vexpl">Enter the proxy here.<br></span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Realm</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="realm" type="text" class="formfld" id="realm" size="40" value="<?=htmlspecialchars($pconfig['realm']);?>">
<br><span class="vexpl">Enter the realm here.<br></span>
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Expire-seconds</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="expire-seconds" type="text" class="formfld" id="expire-seconds" size="40" value="<?=htmlspecialchars($pconfig['expire-seconds']);?>">
<br><span class="vexpl">Enter the expire-seconds here. Example: 600<br></span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Register</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
echo " <select name='register' class='formfld'>\n";
echo " <option></option>\n";
switch (htmlspecialchars($pconfig['register'])) {
@@ -387,32 +374,32 @@ function show_advanced_config() {
echo " <option value='false'>false</option>\n";
}
echo " </select>\n";
- ?>
+ ?>
Choose whether to register.
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Retry-seconds</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="retry-seconds" type="text" class="formfld" id="retry-seconds" size="40" value="<?=htmlspecialchars($pconfig['retry-seconds']);?>">
<br> <span class="vexpl">Enter the retry_seconds here. Example: 30<br></span>
</td>
- </tr>
-
+ </tr>
+
<tr>
<td width="22%" valign="top" class="vncellreq">Context</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>">
<br> <span class="vexpl">Enter the context here. Example: public<br></span>
</td>
- </tr>
+ </tr>
</table>
<div id="showadvancedbox">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncell">Show Advanced</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input type="button" onClick="show_advanced_config()" value="Advanced"></input></a>
</td>
</tr>
@@ -422,40 +409,46 @@ function show_advanced_config() {
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncell">Register-transport</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
echo " <select name='register-transport' class='formfld'>\n";
echo " <option></option>\n";
switch (htmlspecialchars($pconfig['register-transport'])) {
case "udp":
echo " <option value='udp' selected='yes'>udp</option>\n";
echo " <option value='tcp'>tcp</option>\n";
+ echo " <option value='tls'>tls</option>\n";
break;
case "tcp":
echo " <option value='udp'>udp</option>\n";
echo " <option value='tcp' selected='yes'>tcp</option>\n";
-
+ echo " <option value='tls'>tls</option>\n";
+ case "tls":
+ echo " <option value='udp'>udp</option>\n";
+ echo " <option value='tcp'>tcp</option>\n";
+ echo " <option value='tls' selected='yes'>tls</option>\n";
break;
default:
echo " <option value='udp'>udp</option>\n";
echo " <option value='tcp'>tcp</option>\n";
+ echo " <option value='tls'>tls</option>\n";
}
echo " </select>\n";
- ?>
- Choose whether to register-transport.
+ ?>
+ Choose whether to register-transport.
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Extension</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="extension" type="text" class="formfld" id="extension" size="40" value="<?=htmlspecialchars($pconfig['extension']);?>">
<br> <span class="vexpl">Enter the extension here.<br></span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Caller-id-in-from</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
echo " <select name='caller-id-in-from' class='formfld'>\n";
echo " <option></option>\n";
switch (htmlspecialchars($pconfig['caller-id-in-from'])) {
@@ -466,20 +459,20 @@ function show_advanced_config() {
case "false":
echo " <option value='true'>true</option>\n";
echo " <option value='false' selected='yes'>false</option>\n";
-
+
break;
default:
echo " <option value='true'>true</option>\n";
echo " <option value='false'>false</option>\n";
}
echo " </select>\n";
- ?>
+ ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Supress-cng</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
echo " <select name='supress-cng' class='formfld'>\n";
echo " <option></option>\n";
switch (htmlspecialchars($pconfig['supress-cng'])) {
@@ -490,25 +483,25 @@ function show_advanced_config() {
case "false":
echo " <option value='true'>true</option>\n";
echo " <option value='false' selected='yes'>false</option>\n";
-
+
break;
default:
echo " <option value='true'>true</option>\n";
echo " <option value='false'>false</option>\n";
}
echo " </select>\n";
- ?>
+ ?>
</td>
</tr>
</table>
-
+
</div>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Enabled</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
echo " <select name='enabled' class='formfld'>\n";
echo " <option></option>\n";
switch (htmlspecialchars($pconfig['enabled'])) {
@@ -526,10 +519,10 @@ function show_advanced_config() {
echo " <option value='false'>false</option>\n";
}
echo " </select>\n";
- ?>
+ ?>
</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Dialplan Expression</td>
<td width="78%" class="vtable">
@@ -538,7 +531,7 @@ function show_advanced_config() {
?>
<br>
<select name='dialplan_expression_select' id='dialplan_expression_select' onchange="document.getElementById('dialplan_expression').value += document.getElementById('dialplan_expression_select').value + '\n';" class='formfld'>
- <option></option>
+ <option></option>
<option value='^(\d{7})$'>7 digits local</option>
<option value='^(\d{10})$'>10 digits long distance</option>
<option value='^(\d{11})$'>11 digits long distance</option>
@@ -551,17 +544,17 @@ function show_advanced_config() {
<option value='^9(\d{4})$'>Dial 9 then 4 digits</option>
<option value='^9(\d{7})$'>Dial 9 then 7 digits</option>
<option value='^9(\d{10})$'>Dial 9 then 10 digits</option>
- <option value='^9(\d{11})$'>Dial 9 then 11 digits</option>
+ <option value='^9(\d{11})$'>Dial 9 then 11 digits</option>
</select>
<span class="vexpl">
<br />
- Shortcut to create the outbound dialplan entries for this Gateway. The entries are saved to and edited from the 'Dialplan' tab.
+ Shortcut to create the outbound dialplan entries for this Gateway. The entries are saved to and edited from the 'Dialplan' tab.
</span></td>
- </tr>
-
+ </tr>
+
<tr>
<td width="22%" valign="top" class="vncell">Gateway Description</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="description" type="text" class="formfld" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>">
<br> <span class="vexpl">Enter the description of the gateway here.</span></td>
</tr>
diff --git a/config/freeswitch/freeswitch_internal.xml b/config/freeswitch/freeswitch_internal.xml
deleted file mode 100755
index db43b707..00000000
--- a/config/freeswitch/freeswitch_internal.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
-
- freeswitch_internal.xml
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>freeswitchinternal</name>
- <version>0.1</version>
- <title>FreeSWITCH: Internal</title>
- <aftersaveredirect>pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</aftersaveredirect>
- <include_file>/usr/local/pkg/freeswitch.inc</include_file>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=freeswitch.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Dialplan</text>
- <url>/freeswitch/freeswitch_dialplan_includes.php</url>
- </tab>
- <tab>
- <text>Extensions</text>
- <url>/freeswitch/freeswitch_extensions.php</url>
- </tab>
- <tab>
- <text>External</text>
- <url>/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Gateways</text>
- <url>/freeswitch/freeswitch_gateways.php</url>
- </tab>
- <tab>
- <text>Internal</text>
- <url>/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>IVR</text>
- <url>/freeswitch/freeswitch_ivr.php</url>
- </tab>
- <tab>
- <text>Modules</text>
- <url>/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Public</text>
- <url>/freeswitch/freeswitch_public_includes.php</url>
- </tab>
- <tab>
- <text>Rec</text>
- <url>/freeswitch/freeswitch_recordings.php</url>
- </tab>
- <tab>
- <text>Status</text>
- <url>/freeswitch/freeswitch_status.php</url>
- </tab>
- <tab>
- <text>Vars</text>
- <url>/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</url>
- </tab>
- </tabs>
- <configpath>installedpackages->package->$packagename->configuration->freeswitchinternal</configpath>
- <fields>
- <field>
- <fielddescr>&lt;b&gt;Internal&lt;/b&gt; &lt;br /&gt; &lt;br /&gt;SIP internal profile. </fielddescr>
- <fieldname>internal_xml</fieldname>
- <description>&lt;br /&gt;Path: /usr/local/freeswitch/conf/sip_profiles/internal.xml &lt;br /&gt;&lt;br /&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <wrap>off</wrap>
- <size>30</size>
- <cols>70</cols>
- <rows>33</rows>
- </field>
- </fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_after_head_command>
- sync_package_freeswitch_internal();
- </custom_php_after_head_command>
- <custom_php_after_form_command>
- </custom_php_after_form_command>
- <custom_php_validation_command>
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- sync_package_freeswitch_internal();
- </custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_ivr.tmp b/config/freeswitch/freeswitch_ivr.tmp
index d05337ce..67084f07 100755..100644
--- a/config/freeswitch/freeswitch_ivr.tmp
+++ b/config/freeswitch/freeswitch_ivr.tmp
@@ -2,11 +2,11 @@
/* $Id$ */
/*
freeswitch_ivr.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -40,6 +40,7 @@ $a_ivr = &$config['installedpackages']['freeswitchivr']['config'];
if ($_GET['act'] == "del") {
if ($_GET['type'] == 'ivr') {
if ($a_ivr[$_GET['id']]) {
+ unlink("/usr/local/freeswitch/scripts/ivr_".$_GET['ivrid'].".js");
unset($a_ivr[$_GET['id']]);
write_config();
sync_package_freeswitch_ivr();
@@ -61,21 +62,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), true, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -86,50 +74,20 @@ include("head.inc");
<td class="tabcont" >
<form action="freeswitch_ivr.php" method="post" name="iform" id="iform">
-<?php
-
-
-//echo "<pre>";
-//print_r ($a_ivr);
-//echo "</pre>";
-
-//build a list of recordings from the config.xml
-//$config_recording_list = '';
-//$i = 0;
-//if (count($a_ivr) > 0) {
-// foreach ($a_ivr as $ivrent) {
-// $config_recording_list .= $ivrent['filename']."|";
-// $i++;
-// }
-//}
-//echo "config recording list: ".$config_recording_list."<br />\n";
-
-
-//if ($config_change == 1) {
-// write_config();
-// $config_change = 0;
-//}
-//if ($savemsg) print_info_box($savemsg);
-//if (file_exists($d_hostsdirty_path)): echo"<p>";
-//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect.");
-//echo"<br />";
-//endif;
-
-?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>IVR<br />
</strong></span>
- An interactive voice response (IVR) often refered to as an Auto Attendant.
- It associates a recording to multiple options that can be used to direct calls
- to extensions, voicemail, queues, other IVR applications, and external
+ An interactive voice response (IVR) often refered to as an Auto Attendant.
+ It associates a recording to multiple options that can be used to direct calls
+ to extensions, voicemail, queues, other IVR applications, and external
phone numbers.
</span></p></td>
</tr>
</table>
<br />
-
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Extension</td>
@@ -143,20 +101,23 @@ include("head.inc");
</tr>
</table>
</td>
- </tr>
+ </tr>
- <?php
+ <?php
$i = 0;
- if (count($a_ivr) > 0) {
+ if (count($a_ivr) > 0) {
foreach ($a_ivr as $ent) {
if (strlen($ent['ivrid']) > 0) {
+
+ $ivrid = str_replace(array("{", "}"), "", $ent['ivrid']);
+
?>
<tr>
<td class="listlr" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>'">
<?=$ent['ivrextension']?>
</td>
<td class="listr" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>';">
- <?=$ent['ivrname'];?>&nbsp;
+ <?=$ent['ivrname'];?>&nbsp;<?=$ent['ivrid'];?>&nbsp;
</td>
<td class="listbg" ondblclick="document.location='freeswitch_ivr_edit.php?id=<?=$i;?>';">
<font color="#FFFFFF"><?=htmlspecialchars($ent['ivrdescr']);?>&nbsp;
@@ -165,14 +126,14 @@ include("head.inc");
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td valign="middle"><a href="freeswitch_ivr_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td><a href="freeswitch_ivr.php?type=ivr&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="freeswitch_ivr.php?type=ivr&act=del&id=<?=$i;?>&ivrid=<?php echo $ivrid; ?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
</tr>
<?php
- }
- $i++;
+ }
+ $i++;
}
}
?>
@@ -193,7 +154,7 @@ include("head.inc");
<td class="list"></td>
</tr>
</table>
-
+
</form>
<br>
diff --git a/config/freeswitch/freeswitch_ivr_edit.tmp b/config/freeswitch/freeswitch_ivr_edit.tmp
index f9d4652d..603e4af5 100755..100644
--- a/config/freeswitch/freeswitch_ivr_edit.tmp
+++ b/config/freeswitch/freeswitch_ivr_edit.tmp
@@ -1,11 +1,11 @@
-<?php
+<?php
/* $Id$ */
/*
freeswitch_ivr_edit.php
Copyright (C) 2008 Mark J Crane
All rights reserved.
-
+
FreeSWITCH (TM)
http://www.freeswitch.org/
@@ -122,8 +122,8 @@ $parentid = $id;
$ivrconditionjs .= " condition = false;\n";
$ivrconditionjs .= "}\n";
$ivrconditionjs .= "\n";
-
-
+
+
if (isset($id) && $a_ivr[$id]) {
$pconfig['ivrid'] = $a_ivr[$id]['ivrid'];
$ivrid = $a_ivr[$id]['ivrid'];
@@ -149,7 +149,6 @@ if ($_POST) {
unset($a_ivr_options[$_GET['optionid']]);
write_config();
sync_package_freeswitch_ivr();
- //touch($d_hostsdirty_path);
header("Location: freeswitch_ivr_edit.php?id=".$_GET['id']);
exit;
}
@@ -171,7 +170,7 @@ if ($_POST) {
$ivrent['recordingidaction'] = $_POST['recordingidaction'];
$ivrent['recordingidantiaction'] = $_POST['recordingidantiaction'];
$ivrent['ivrtimeout'] = $_POST['ivrtimeout'];
- $ivrent['ivrcontext'] = $_POST['ivrcontext'];
+ $ivrent['ivrcontext'] = $_POST['ivrcontext'];
$ivrent['ivrconditionjs'] = base64_encode($_POST['ivrconditionjs']);
$ivrent['ivrdescr'] = $_POST['ivrdescr'];
@@ -207,21 +206,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), true, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -229,8 +215,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont" >
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>General Settings:<br>
</strong></span>
@@ -244,20 +230,20 @@ include("head.inc");
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Extension</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="ivrextension" type="text" class="formfld" id="ivrextension" size="40" value="<?=htmlspecialchars($pconfig['ivrextension']);?>">
<br> <span class="vexpl">e.g. <em>5002</em></span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">IVR Name</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="ivrname" type="text" class="formfld" id="ivrname" size="40" value="<?=htmlspecialchars($pconfig['ivrname']);?>">
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Recording Action</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
$a_recordings = &$config['installedpackages']['freeswitchrecordings']['config'];
echo " <select name='recordingidaction' class='formfld'>\n";
echo " <option></option>\n";
@@ -272,13 +258,13 @@ include("head.inc");
}
}
echo " </select>\n";
- ?>
+ ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Recording Anti-Action</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
//$a_recordings = &$config['installedpackages']['freeswitchrecordings']['config'];
echo " <select name='recordingidantiaction' class='formfld'>\n";
echo " <option></option>\n";
@@ -293,33 +279,33 @@ include("head.inc");
}
}
echo " </select>\n";
- ?>
+ ?>
</td>
</tr>
<?php
if (strlen($pconfig['ivrtimeout']) == 0) {
$pconfig['ivrtimeout'] = 10; //set a default timeout
- }
- ?>
+ }
+ ?>
<tr>
<td width="22%" valign="top" class="vncellreq">Timeout</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="ivrtimeout" type="text" class="formfld" id="ivrtimeout" size="40" value="<?=htmlspecialchars($pconfig['ivrtimeout']);?>">
- <br><span class="vexpl">After the recording concludes the
- timeout sets the time in seconds to continue to wait for DTMF.
- If the DTMF is <br />not detected during that time the 't'
+ <br><span class="vexpl">After the recording concludes the
+ timeout sets the time in seconds to continue to wait for DTMF.
+ If the DTMF is <br />not detected during that time the 't'
timeout option is executed.</span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Context</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="ivrcontext" type="text" class="formfld" id="ivrextension" size="40" value="<?=htmlspecialchars($pconfig['ivrcontext']);?>">
<br> <span class="vexpl">e.g. <em>default</em></span></td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="ivrdescr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['ivrdescr']);?>">
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
@@ -337,14 +323,14 @@ include("head.inc");
echo "<textarea name=\"ivrconditionjs\" cols=\"50\" rows=\"7\" wrap=\"off\">".htmlspecialchars(base64_decode($pconfig['ivrconditionjs']))."</textarea>\n";
}
?>
- <br> <span class="vexpl">A simple valid condition is:
- condition=true; To re-populate the default simply empty the
- textarea and click on save. The following javascript variables
- have been defined: Hours, Mins, Seconds, Month, Date, Year,
+ <br> <span class="vexpl">A simple valid condition is:
+ condition=true; To re-populate the default simply empty the
+ textarea and click on save. The following javascript variables
+ have been defined: Hours, Mins, Seconds, Month, Date, Year,
and Day.</span></td>
- </tr>
-
-
+ </tr>
+
+
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
@@ -357,39 +343,39 @@ include("head.inc");
</tr>
</table>
</form>
-
+
<br>
<br>
<form action="freeswitch_ivr_edit.php" method="post" name="iform2" id="iform2">
- <?php
-
-
+ <?php
+
+
//echo "<pre>";
//print_r ($a_ivr);
//echo "</pre>";
-
- //if ($savemsg) print_info_box($savemsg);
+
+ //if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
- //endif;
-
+ //endif;
+
?>
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong><br>
</strong></span>
- Options are the choices that are available to the caller when they
- are calling the auto attendant. If the caller presses 2 then the call
+ Options are the choices that are available to the caller when they
+ are calling the auto attendant. If the caller presses 2 then the call
is directed to the corresponding destination.
</span></p></td>
</tr>
</table>
-
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Action<br />
</strong></span>
@@ -398,7 +384,7 @@ include("head.inc");
</tr>
</table>
<br />
-
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Option</td>
@@ -415,9 +401,9 @@ include("head.inc");
</td>
</tr>
- <?php
+ <?php
$i = 0;
- if (count($a_ivr_options) > 0) {
+ if (count($a_ivr_options) > 0) {
foreach ($a_ivr_options as $ent) {
if ($ent['optionaction'] == "action" && $ivrid == $ent['ivrid']) {
?>
@@ -430,7 +416,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';">
<?=$ent['optiondest'];?>&nbsp;
- </td>
+ </td>
<td class="listbg" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$id;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';">
<font color="#FFFFFF"><?=htmlspecialchars($ent['optiondescr']);?>&nbsp;
</td>
@@ -443,9 +429,9 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
}
?>
@@ -467,36 +453,36 @@ include("head.inc");
<td class="list"></td>
</tr>
</table>
-
+
</form>
-
+
<form action="freeswitch_ivr_edit.php" method="post" name="iform2" id="iform2">
- <?php
-
-
+ <?php
+
+
//echo "<pre>";
//print_r ($a_ivr);
//echo "</pre>";
-
- //if ($savemsg) print_info_box($savemsg);
+
+ //if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
- //endif;
-
+ //endif;
+
?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Anti-Action<br />
</strong></span>
- The options that are executed when the <b>condition does NOT match.</b>
+ The options that are executed when the <b>condition does NOT match.</b>
</span></p></td>
</tr>
</table>
<br />
-
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Option</td>
@@ -513,9 +499,9 @@ include("head.inc");
</td>
</tr>
- <?php
+ <?php
$i = 0;
- if (count($a_ivr_options) > 0) {
+ if (count($a_ivr_options) > 0) {
foreach ($a_ivr_options as $ent) {
if ($ent['optionaction'] == "anti-action" && $ivrid == $ent['ivrid']) {
?>
@@ -528,7 +514,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';">
<?=$ent['optiondest'];?>&nbsp;
- </td>
+ </td>
<td class="listbg" ondblclick="document.location='freeswitch_ivr_options_edit.php?id=<?=$id;?>&parentid=<?=$parentid;?>&ivrid=<?=$ivrid;?>';">
<font color="#FFFFFF"><?=htmlspecialchars($ent['optiondescr']);?>&nbsp;
</td>
@@ -541,9 +527,9 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
}
?>
@@ -565,11 +551,11 @@ include("head.inc");
<td class="list"></td>
</tr>
</table>
-
+
</form>
-
+
+ <br>
<br>
- <br>
</td>
</tr>
diff --git a/config/freeswitch/freeswitch_ivr_options.tmp b/config/freeswitch/freeswitch_ivr_options.tmp
index 8356bc58..096e5b6e 100755
--- a/config/freeswitch/freeswitch_ivr_options.tmp
+++ b/config/freeswitch/freeswitch_ivr_options.tmp
@@ -2,11 +2,11 @@
/* $Id$ */
/*
freeswitch_ivr_options.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/freeswitch/freeswitch_ivr_options_edit.tmp b/config/freeswitch/freeswitch_ivr_options_edit.tmp
index 78975a7f..1e3313d0 100755..100644
--- a/config/freeswitch/freeswitch_ivr_options_edit.tmp
+++ b/config/freeswitch/freeswitch_ivr_options_edit.tmp
@@ -1,24 +1,24 @@
-<?php
+<?php
/* $Id$ */
/*
freeswitch_recordings_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -89,7 +89,7 @@ if ($_POST) {
$a_ivr_options[$id] = $ivroptionent;
}
else {
- //add
+ //add
$a_ivr_options[] = $ivroptionent;
}
@@ -115,21 +115,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), true, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -137,19 +124,19 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont" >
-
+
<form action="freeswitch_ivr_options_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Option Number</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="optionnumber" type="text" class="formfld" id="optionnumber" size="40" value="<?=htmlspecialchars($pconfig['optionnumber']);?>">
<br> <span class="vexpl">Option Number<br>
e.g. <em>1</em></span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Type</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php
echo " <select name='optiontype' class='formfld'>\n";
echo " <option></option>\n";
@@ -168,17 +155,17 @@ include("head.inc");
echo " </select>\n";
?>
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Destination</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="optiondest" type="text" class="formfld" id="optiondest" size="40" value="<?=htmlspecialchars($pconfig['optiondest']);?>">
<br> <span class="vexpl">Destination<br>
e.g. <em>1001</em></span></td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="optiondescr" type="text" class="formfld" id="optiondescr" size="40" value="<?=htmlspecialchars($pconfig['optiondescr']);?>">
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
@@ -188,23 +175,23 @@ include("head.inc");
<td width="78%">
<input name="ivrid" type="hidden" value="<?=$ivrid;?>">
<input name="parentid" type="hidden" value="<?=$parentid;?>">
- <input name="optionaction" type="hidden" value="<?=$pconfig['optionaction'];?>">
+ <input name="optionaction" type="hidden" value="<?=$pconfig['optionaction'];?>">
<?php if (isset($id) && $a_ivr_options[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
<input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()">
</td>
</tr>
</table>
</form>
-
+
<br>
<br>
<br>
<br>
<br>
<br>
-
+
</td>
</tr>
</table>
diff --git a/config/freeswitch/freeswitch_mailto.tmp b/config/freeswitch/freeswitch_mailto.tmp
index 23645570..71af859c 100755
--- a/config/freeswitch/freeswitch_mailto.tmp
+++ b/config/freeswitch/freeswitch_mailto.tmp
@@ -1,12 +1,12 @@
<?php
/* $Id$ */
/*
- freeswitch_mailto.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ freeswitch_mailto.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -32,7 +32,7 @@
require_once("config.inc");
require_once("/usr/local/pkg/freeswitch.inc");
-global $config;
+global $config;
$tmp_smtphost = $config['installedpackages']['freeswitchsettings']['config'][0]['smtphost'];
$tmp_smtpsecure = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpsecure']; //options "", "TLS", "SSL"
@@ -43,12 +43,12 @@ $tmp_smtppassword = $config['installedpackages']['freeswitchsettings']['config']
$tmp_smtpfrom = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfrom'];
$tmp_smtpfromname = $config['installedpackages']['freeswitchsettings']['config'][0]['smtpfromname'];
-
+
ini_set(max_execution_time,900); //15 minutes
ini_set('memory_limit', '96M');
$fd = fopen("php://stdin", "r");
-$email = file_get_contents ("php://stdin");
+$email = file_get_contents ("php://stdin");
fclose($fd);
@@ -65,8 +65,8 @@ ob_start();
$tmparray = split("\n\n", $email);
$mainheader = $tmparray[0];
$maincontent = substr($email, strlen($mainheader), strlen($email));
-
-//get the boundary
+
+//get the boundary
$tmparray = split("\n", $mainheader);
$contenttmp = $tmparray[1]; //Content-Type: multipart/mixed; boundary="XXXX_boundary_XXXX"
$tmparray = split('; ', $contenttmp); //boundary="XXXX_boundary_XXXX"
@@ -75,11 +75,11 @@ ob_start();
$boundary = $tmparray[1];
$boundary = trim($boundary,'"');
//echo "boundary: $boundary\n";
-
+
//put the main headers into an array
$mainheaderarray = split("\n", $mainheader);
//print_r($mainheaderarray);
- foreach ($mainheaderarray as $val) {
+ foreach ($mainheaderarray as $val) {
$tmparray = split(': ', $val);
//print_r($tmparray);
$var[$tmparray[0]] = trim($tmparray[1]);
@@ -87,13 +87,13 @@ ob_start();
$var['To'] = str_replace("<", "", $var['To']);
$var['To'] = str_replace(">", "", $var['To']);
-
+
echo "To: ".$var['To']."\n";
echo "From: ".$var['From']."\n";
echo "Subject: ".$var['Subject']."\n";
//print_r($var);
echo "\n\n";
-
+
// split mime type multi-part into each part
$maincontent = str_replace($boundary."--", $boundary, $maincontent);
@@ -102,7 +102,7 @@ ob_start();
// loop through each mime part
$i=0;
foreach ($tmparray as $mimepart) {
-
+
$mimearray = split("\n\n", $mimepart);
$subheader = $mimearray[0];
$headermimearray = split("\n", trim($subheader));
@@ -117,40 +117,40 @@ ob_start();
//echo "subboundary: ".$subboundary."\n";
}
}
- else {
+ else {
$tmparray = split(':', $val); //':' found
}
-
+
//print_r($tmparray);
$var[trim($tmparray[0])] = trim($tmparray[1]);
}
//print_r($var);
-
-
+
+
$contenttypearray = split(' ', $headermimearray[0]);
-
+
if ($contenttypearray[0] == "Content-Type:") {
$contenttype = trim($contenttypearray[1]);
-
+
switch ($contenttype) {
case "multipart/alternative;":
-
+
//echo "type: ".$contenttype."\n";
$content = trim(substr($mimepart, strlen($subheader), strlen($mimepart)));
-
+
$content = str_replace($subboundary."--", $subboundary, $content);
$tmpsubarray = split("--".$subboundary, $content);
foreach ($tmpsubarray as $mimesubsubpart) {
-
+
$mimesubsubarray = split("\n\n", $mimesubsubpart);
$subsubheader = $mimesubsubarray[0];
-
+
$headersubsubmimeearray = split("\n", trim($subsubheader));
$subsubcontenttypearray = split(' ', $headersubsubmimeearray[0]);
//echo "subsubcontenttypearray[0] ".$subsubcontenttypearray[0]."\n";
if ($subsubcontenttypearray[0] == "Content-Type:") {
- $subsubcontenttype = trim($subsubcontenttypearray[1]);
+ $subsubcontenttype = trim($subsubcontenttypearray[1]);
switch ($subsubcontenttype) {
case "text/plain;":
$textplain = trim(substr($mimesubsubpart, strlen($subsubheader), strlen($mimesubsubpart)));
@@ -162,51 +162,51 @@ ob_start();
break;
}
} //end if
-
+
} //end foreach
-
+
break;
case "audio/wav;":
- //echo "type: ".$contenttype."\n";
+ //echo "type: ".$contenttype."\n";
$strwav = trim(substr($mimepart, strlen($subheader), strlen($mimepart)));
//echo "\n*** begin wav ***\n".$strwav."\n*** end wav ***\n";
break;
-
- }//end switch
+
+ }//end switch
} //end if
-
- $i++;
-
+
+ $i++;
+
} //end foreach
//send the email
-
+
include "class.phpmailer.php";
include "class.smtp.php"; ; // optional, gets called from within class.phpmailer.php if not already loaded
-
+
$mail = new PHPMailer();
-
+
$mail->IsSMTP(); // set mailer to use SMTP
$mail->SMTPAuth = $tmp_smtpauth; // turn on/off SMTP authentication
$mail->Host = $tmp_smtphost;
if (strlen($tmp_smtpsecure)>0) {
$mail->SMTPSecure = $tmp_smtpsecure;
}
- if ($tmp_smtpauth) {
+ if ($tmp_smtpauth) {
$mail->Username = $tmp_smtpusername;
$mail->Password = $tmp_smtppassword;
}
-
+
$mail->From = $tmp_smtpfrom;
$mail->FromName = $tmp_smtpfromname;
$mail->Subject = $var['Subject'];
$mail->AltBody = $textplain; // optional, comment out and test
$mail->MsgHTML($texthtml);
-
-
+
+
$tmp_to = $var['To'];
$tmp_to = str_replace(";", ",", $tmp_to);
$tmp_to_array = split(",", $tmp_to);
@@ -222,10 +222,10 @@ ob_start();
$mail->AddStringAttachment(base64_decode($strwav),$filename,$encoding,$type);
}
unset($strwav);
-
+
if(!$mail->Send()) {
echo "Mailer Error: " . $mail->ErrorInfo;
- }
+ }
else {
echo "Message sent!";
}
diff --git a/config/freeswitch/freeswitch_modules.xml b/config/freeswitch/freeswitch_modules.xml
index fd962aa3..8c211820 100755..100644
--- a/config/freeswitch/freeswitch_modules.xml
+++ b/config/freeswitch/freeswitch_modules.xml
@@ -65,7 +65,7 @@
<name>freeswitch</name>
<rcfile>freeswitch.sh</rcfile>
<executable>freeswitch</executable>
- <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description>
+ <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description>
</service>
<tabs>
<tab>
@@ -74,48 +74,35 @@
</tab>
<tab>
<text>Dialplan</text>
- <url>/freeswitch/freeswitch_dialplan_includes.php</url>
+ <url>/packages/freeswitch/freeswitch_dialplan_includes.php</url>
</tab>
<tab>
<text>Extensions</text>
- <url>/freeswitch/freeswitch_extensions.php</url>
+ <url>/packages/freeswitch/freeswitch_extensions.php</url>
</tab>
<tab>
- <text>External</text>
- <url>/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</url>
+ <text>Features</text>
+ <url>/packages/freeswitch/freeswitch_features.php</url>
</tab>
<tab>
<text>Gateways</text>
- <url>/freeswitch/freeswitch_gateways.php</url>
- </tab>
- <tab>
- <text>Internal</text>
- <url>/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</url>
+ <url>/packages/freeswitch/freeswitch_gateways.php</url>
</tab>
<tab>
- <text>IVR</text>
- <url>/freeswitch/freeswitch_ivr.php</url>
- </tab>
- <tab>
- <text>Modules</text>
- <url>/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0</url>
- <active/>
+ <text>Profiles</text>
+ <url>/packages/freeswitch/freeswitch_profiles.php</url>
</tab>
<tab>
<text>Public</text>
- <url>/freeswitch/freeswitch_public_includes.php</url>
- </tab>
- <tab>
- <text>Rec</text>
- <url>/freeswitch/freeswitch_recordings.php</url>
+ <url>/packages/freeswitch/freeswitch_public_includes.php</url>
</tab>
<tab>
<text>Status</text>
- <url>/freeswitch/freeswitch_status.php</url>
+ <url>/packages/freeswitch/freeswitch_status.php</url>
</tab>
<tab>
<text>Vars</text>
- <url>/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</url>
+ <url>/packages/freeswitch/freeswitch_vars.php</url>
</tab>
</tabs>
<configpath>installedpackages->package->$packagename->configuration->freeswitchmodules</configpath>
diff --git a/config/freeswitch/freeswitch_profile_edit.tmp b/config/freeswitch/freeswitch_profile_edit.tmp
new file mode 100644
index 00000000..2466f115
--- /dev/null
+++ b/config/freeswitch/freeswitch_profile_edit.tmp
@@ -0,0 +1,143 @@
+<?php
+/* $Id$ */
+/*
+ freeswitch_profile_edit.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/freeswitch.inc");
+
+//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config'];
+
+$fd = fopen("/usr/local/freeswitch/conf/sip_profiles/".$_GET['f'], "r");
+$content = fread($fd, filesize("/usr/local/freeswitch/conf/sip_profiles/".$_GET['f']));
+fclose($fd);
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script language="Javascript">
+function sf() { document.forms[0].savetopath.focus(); }
+</script>
+<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script>
+<script language="Javascript" type="text/javascript">
+ // initialisation
+ editAreaLoader.init({
+ id: "code" // id of the textarea to transform
+ ,start_highlight: false
+ ,allow_toggle: false
+ ,language: "en"
+ ,syntax: "html"
+ ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help"
+ ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql"
+ ,show_line_colors: true
+ });
+</script>
+
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">FreeSWITCH: Edit Profile</p>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+display_top_tabs(build_menu());
+
+?>
+</td></tr>
+</table>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+
+<form action="freeswitch_profiles.php" method="post" name="iform" id="iform">
+<?php
+
+?>
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td><p><span class="vexpl"><span class="red"><strong>Edit Profile<br>
+ </strong></span>
+ Use this to configure your SIP profiles.
+ </p>
+ </td>
+ <td align='right' valign='middle'>Filename: <input type="text" name="f" value="<?php echo $_GET['f']; ?>" /><input type="submit" value="save" /></td>
+ </tr>
+ </table>
+ <br />
+ <br />
+
+ <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea>
+ <br />
+ <br />
+
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>/usr/local/freeswitch/conf/sip_profiles/<?php echo $_GET['f']; ?></td>
+ <td align='right'>
+ <input type="hidden" name="a" value="save" />
+ <?php
+ echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/freeswitch/freeswitch_profiles.php?a=default&f=".$_GET['f']."';\" />";
+ ?>
+ </td>
+ </tr>
+ </table>
+
+</form>
+
+<br>
+<br>
+
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/freeswitch/freeswitch_profiles.tmp b/config/freeswitch/freeswitch_profiles.tmp
new file mode 100644
index 00000000..983b448c
--- /dev/null
+++ b/config/freeswitch/freeswitch_profiles.tmp
@@ -0,0 +1,224 @@
+<?php
+/* $Id$ */
+/*
+ freeswitch_profiles.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/freeswitch.inc");
+
+//$a_extensions = &$config['installedpackages']['freeswitchextensions']['config'];
+
+
+if ($_GET['a'] == "default") {
+ conf_mount_rw();
+ exec("cp /usr/local/freeswitch/conf.orig/sip_profiles/".$_GET['f']." /usr/local/freeswitch/conf/sip_profiles/".$_GET['f']);
+ $savemsg = "Restore Default";
+ conf_mount_ro();
+}
+
+if ($_POST['a'] == "save") {
+ conf_mount_rw();
+ $content = ereg_replace("\r","",$_POST['code']);
+ $fd = fopen("/usr/local/freeswitch/conf/sip_profiles/".$_POST['f'], "w");
+ fwrite($fd, $content);
+ fclose($fd);
+ $savemsg = "Saved";
+ conf_mount_ro();
+}
+
+
+if ($_GET['a'] == "del") {
+ if ($_GET['type'] == 'profile') {
+ //if ($a_profiles[$_GET['id']]) {
+ //unset($a_extensions[$_GET['id']]);
+ //write_config();
+
+ exec("rm /usr/local/freeswitch/conf/sip_profiles/".$_GET['f']);
+ header("Location: freeswitch_profiles.php");
+ exit;
+ //}
+ }
+}
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">FreeSWITCH: Profiles</p>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
+ $tab_array[] = array(gettext("Dialplan"), false, "/packages/freeswitch/freeswitch_dialplan_includes.php");
+ $tab_array[] = array(gettext("Extensions"), false, "/packages/freeswitch/freeswitch_extensions.php");
+ $tab_array[] = array(gettext("Features"), false, "/packages/freeswitch/freeswitch_features.php");
+ $tab_array[] = array(gettext("Gateways"), false, "/packages/freeswitch/freeswitch_gateways.php");
+ $tab_array[] = array(gettext("Profiles"), true, "/packages/freeswitch/freeswitch_profiles.php");
+ $tab_array[] = array(gettext("Public"), false, "/packages/freeswitch/freeswitch_public_includes.php");
+ $tab_array[] = array(gettext("Status"), false, "/packages/freeswitch/freeswitch_status.php");
+ $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
+ display_top_tabs($tab_array);
+
+?>
+</td></tr>
+</table>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+
+<form action="freeswitch_profiles.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td><p><span class="vexpl"><span class="red"><strong>Profiles<br>
+ </strong></span>
+ Use this to configure your SIP profiles.
+ </p></td>
+ </tr>
+ </table>
+ <br />
+
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr">Name</td>
+ <td width="70%" class="listhdr">Description</td>
+ <td width="5%" class="list">
+ </td>
+ </tr>
+
+
+ <?php
+
+ foreach (ListFiles('/usr/local/freeswitch/conf/sip_profiles') as $key=>$file){
+ ?>
+ <tr>
+ <td class="listr" ondblclick="document.location='freeswitch_profile_edit.php?f=<?=$file;?>';" valign="middle">
+ <?=$file;?>&nbsp;
+ </td>
+ <td class="listbg" ondblclick="document.location='freeswitch_profile_edit.php?f=<?=$file;?>';">
+ <?php
+
+ switch ($file) {
+ case "internal.xml":
+ echo "<font color='#FFFFFF'>";
+ echo "The Internal profile by default requires registration which is most often used for extensions. ";
+ echo "By default the Internal profile binds to the WAN IP which is accessible to the internal network. ";
+ echo "A rule can be set from PFSense -> Firewall -> Rules -> WAN to the the WAN IP for port 5060 which ";
+ echo "enables phones register from outside the network.";
+ echo "";
+ echo "</font>";
+ echo "&nbsp;";
+ break;
+ case "internal-ipv6.xml":
+ echo "<font color='#FFFFFF'>The Internal IPV6 profile binds to the IP version 6 address and is similar to the Internal profile.</font>&nbsp;";
+ break;
+ case "external.xml":
+ echo "<font color='#FFFFFF'>";
+ echo "The External profile handles outbound registrations to a SIP provider or other SIP Server. The SIP provider sends calls to you, and you ";
+ echo "send calls to your provider, through the external profile. The external profile allows anonymous calling, which is ";
+ echo "required as your provider will never authenticate with you to send you a call. Calls can be sent using a SIP URL \"my.domain.com:5080\" ";
+ echo "</font>&nbsp;";
+ break;
+ case "lan.xml":
+ echo "<font color='#FFFFFF'>The LAN profile is the same as the Internal profile except that it is bound to the LAN IP.</font>&nbsp;";
+ break;
+ default:
+ echo "<font color='#FFFFFF'>default</font>&nbsp;";
+ }
+ ?>
+ </td>
+ <td valign="middle" nowrap class="list" valign="top">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td valign="middle"><a href="freeswitch_profile_edit.php?type=profile&f=<?=$file;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="freeswitch_profiles.php?type=profile&a=del&f=<?=$file;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php
+ $i++;
+ }
+
+ ?>
+
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list"></td>
+ </tr>
+ </table>
+
+</form>
+
+<br>
+<br>
+/usr/local/freeswitch/conf/sip_profiles
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/freeswitch/freeswitch_public.tmp b/config/freeswitch/freeswitch_public.tmp
new file mode 100644
index 00000000..0c05fe47
--- /dev/null
+++ b/config/freeswitch/freeswitch_public.tmp
@@ -0,0 +1,162 @@
+<?php
+/* $Id$ */
+/*
+ freeswitch_public.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/freeswitch.inc");
+
+//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config'];
+
+if ($_GET['a'] == "default") {
+ conf_mount_rw();
+ exec("cp /usr/local/freeswitch/conf.orig/dialplan/public.xml /usr/local/freeswitch/conf/dialplan/public.xml");
+ $savemsg = "Default Restored";
+ conf_mount_ro();
+}
+
+if ($_POST['a'] == "save") {
+ conf_mount_rw();
+ $content = ereg_replace("\r","",$_POST['code']);
+ $fd = fopen("/usr/local/freeswitch/conf/dialplan/public.xml", "w");
+ fwrite($fd, $content);
+ fclose($fd);
+ $savemsg = "Saved";
+ conf_mount_ro();
+}
+
+
+$fd = fopen("/usr/local/freeswitch/conf/dialplan/public.xml", "r");
+$content = fread($fd, filesize("/usr/local/freeswitch/conf/dialplan/public.xml"));
+fclose($fd);
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script language="Javascript">
+function sf() { document.forms[0].savetopath.focus(); }
+</script>
+<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script>
+<script language="Javascript" type="text/javascript">
+ // initialisation
+ editAreaLoader.init({
+ id: "code" // id of the textarea to transform
+ ,start_highlight: false
+ ,allow_toggle: false
+ ,language: "en"
+ ,syntax: "html"
+ ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help"
+ ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql"
+ ,show_line_colors: true
+ });
+</script>
+
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">FreeSWITCH: Public</p>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+display_top_tabs(build_menu());
+
+?>
+</td></tr>
+</table>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+
+<form action="freeswitch_public.php" method="post" name="iform" id="iform">
+<?php
+
+?>
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width='90%'><p><span class="vexpl"><span class="red"><strong>Public<br>
+ </strong></span>
+ Directs inbound calls to extensions, IVRs, external numbers, and scripts.
+ </p>
+ </td>
+ <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td>
+ </tr>
+ </table>
+ <br />
+ <br />
+
+ <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea>
+ <br />
+ <br />
+
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>/usr/local/freeswitch/conf/dialplan/public.xml</td>
+ <td align='right'>
+ <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" />
+ <input type="hidden" name="a" value="save" />
+ <?php
+ echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/freeswitch/freeswitch_public.php?a=default&f=public.xml';\" />";
+ ?>
+ </td>
+ </tr>
+ </table>
+
+</form>
+
+<br>
+<br>
+
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/freeswitch/freeswitch_public.xml b/config/freeswitch/freeswitch_public.xml
deleted file mode 100755
index ed633a4e..00000000
--- a/config/freeswitch/freeswitch_public.xml
+++ /dev/null
@@ -1,135 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- freeswitch_public.xml
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>freeswitchpublic</name>
- <version>0.1</version>
- <title>FreeSWITCH: Public</title>
- <aftersaveredirect>pkg_edit.php?xml=freeswitch_public.xml&amp;id=0</aftersaveredirect>
- <include_file>/usr/local/pkg/freeswitch.inc</include_file>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=freeswitch.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Dialplan</text>
- <url>/freeswitch/freeswitch_dialplan_includes.php</url>
- </tab>
- <tab>
- <text>Extensions</text>
- <url>/freeswitch/freeswitch_extensions.php</url>
- </tab>
- <tab>
- <text>External</text>
- <url>/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Gateways</text>
- <url>/freeswitch/freeswitch_gateways.php</url>
- </tab>
- <tab>
- <text>Internal</text>
- <url>/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>IVR</text>
- <url>/freeswitch/freeswitch_ivr.php</url>
- </tab>
- <tab>
- <text>Modules</text>
- <url>/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Public</text>
- <url>/freeswitch/freeswitch_public_includes.php</url>
- <active/>
- </tab>
- <tab>
- <text>Rec</text>
- <url>/freeswitch/freeswitch_recordings.php</url>
- </tab>
- <tab>
- <text>Status</text>
- <url>/freeswitch/freeswitch_status.php</url>
- </tab>
- <tab>
- <text>Vars</text>
- <url>/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</url>
- </tab>
- </tabs>
- <configpath>installedpackages->package->$packagename->configuration->freeswitchpublic</configpath>
- <fields>
- <field>
- <fielddescr>&lt;b&gt;Public&lt;/b&gt; &lt;br /&gt; &lt;br /&gt;Directs inbound calls to extensions, IVRs, external numbers, and scripts. </fielddescr>
- <fieldname>public_xml</fieldname>
- <description>&lt;br /&gt;Path: /usr/local/freeswitch/conf/dialplan/public.xml &lt;br /&gt;&lt;br /&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <wrap>off</wrap>
- <size>30</size>
- <cols>70</cols>
- <rows>33</rows>
- </field>
- </fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_after_head_command>
- sync_package_freeswitch_public();
- </custom_php_after_head_command>
- <custom_php_after_form_command>
- </custom_php_after_form_command>
- <custom_php_validation_command>
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- sync_package_freeswitch_public();
- </custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_public_includes.tmp b/config/freeswitch/freeswitch_public_includes.tmp
index 66f733b3..51a535d4 100755..100644
--- a/config/freeswitch/freeswitch_public_includes.tmp
+++ b/config/freeswitch/freeswitch_public_includes.tmp
@@ -2,11 +2,11 @@
/* $Id$ */
/*
freeswitch_public_includes.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -41,7 +41,7 @@ require("/usr/local/pkg/freeswitch.inc");
//default
//enabled
//descr
-
+
//freeswitchpublicincludedetails
//publicincludeid
@@ -53,7 +53,7 @@ require("/usr/local/pkg/freeswitch.inc");
//tagorder
//1-20
//fieldtype
-
+
//fielddata
@@ -63,7 +63,7 @@ $a_public_includes_details = &$config['installedpackages']['freeswitchpublicincl
if ($_GET['act'] == "del") {
if ($_GET['type'] == 'publicincludes') {
-
+
if ($a_public_includes[$_GET['id']]) {
$publicincludeid = $a_public_includes[$_GET['id']][publicincludeid];
@@ -71,7 +71,7 @@ if ($_GET['act'] == "del") {
$extensionname = $a_public_includes[$_GET['id']][extensionname];
$order = $a_public_includes[$_GET['id']][order];
$publicincludefilename = $order."_".$extensionname.".xml";
-
+
//delete the public include details. aka. child data
if (count($a_public_includes_details) > 0) {
$i=0;
@@ -81,17 +81,17 @@ if ($_GET['act'] == "del") {
//echo "child id: ".$i."<br />\n";
unset($a_public_includes_details[$i]);
}
- $i++;
+ $i++;
}
}
}
-
+
//if the public include xml file exists then delete it
- if (file_exists("/usr/local/freeswitch/conf/public/default/".$publicincludefilename)) {
- unlink("/usr/local/freeswitch/conf/public/default/".$publicincludefilename);
+ if (file_exists("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename)) {
+ unlink("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename);
}
-
- unset($publicincludefilename);
+
+ unset($publicincludefilename);
unset($a_public_includes[$_GET['id']]);
write_config();
sync_package_freeswitch_public_includes();
@@ -113,21 +113,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), true, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -138,7 +125,7 @@ include("head.inc");
<td class="tabcont" >
<form action="freeswitch_public_includes.php" method="post" name="iform" id="iform">
-<?php
+<?php
//echo "<pre>";
@@ -148,28 +135,28 @@ include("head.inc");
//if ($config_change == 1) {
// write_config();
-// $config_change = 0;
+// $config_change = 0;
//}
-//if ($savemsg) print_info_box($savemsg);
+//if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
-//endif;
+//endif;
?>
<br />
<br />
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td><span class="vexpl"><span class="red"><strong>Public
</strong></span></span>
</td>
<td align='right'>
- <input type='button' value='public.xml' alt='' onclick="document.location.href='/pkg_edit.php?xml=freeswitch_public.xml&id=0';">
- </td>
+ <input type='button' value='public.xml' alt='' onclick="document.location.href='/packages/freeswitch/freeswitch_public.php';">
+ </td>
</tr>
<tr>
<td colspan='2'>
@@ -177,14 +164,14 @@ include("head.inc");
The public dialplan is used to route incoming calls to destinations based on conditions and context. It can send incoming calls to IVRs, extensions, external numbers, and scripts.
</span>
</td>
-
+
</tr>
</table>
<br />
<br />
- <br />
-
+ <br />
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Extension Name</td>
@@ -201,35 +188,55 @@ include("head.inc");
</td>
</tr>
- <?php
+ <?php
+ //create a temporary id for the array
+ $i = 0;
+ if (count($a_public_includes) > 0) {
+ foreach ($a_public_includes as $ent) {
+ $a_public_includes[$i]['id'] = $i;
+ $i++;
+ }
+ }
+
+ //order the array
+ function cmp_number($a, $b) {
+ if ($a["order"] > $b["order"]) {
+ return 1;
+ }
+ else {
+ return 0;
+ }
+ }
+ if (count($a_public_includes) > 0) { usort($a_public_includes, "cmp_number"); }
+
$i = 0;
- if (count($a_public_includes) > 0) {
+ if (count($a_public_includes) > 0) {
foreach ($a_public_includes as $ent) {
if (strlen($ent['extensionname'].$ent['enabled']) > 0) {
?>
<tr>
- <td class="listlr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$i;?>'">
+ <td class="listlr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>'">
<?=$ent['extensionname']?>
</td>
- <td class="listlr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$i;?>'">
+ <td class="listlr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>'">
<?=$ent['order']?>
</td>
- <td class="listr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$i;?>';">
+ <td class="listr" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>';">
<?=$ent['enabled'];?>&nbsp;
</td>
- <td class="listbg" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$i;?>';">
+ <td class="listbg" ondblclick="document.location='freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>';">
<font color="#FFFFFF"><?=htmlspecialchars($ent['descr']);?>&nbsp;
</td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
- <td valign="middle"><a href="freeswitch_public_includes_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td><a href="freeswitch_public_includes.php?type=publicincludes&act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ <td valign="middle"><a href="freeswitch_public_includes_edit.php?id=<?=$ent['id'];?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="freeswitch_public_includes.php?type=publicincludes&act=del&id=<?=$ent['id'];?>" onclick="return confirm('Do you really want to delete this?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
</td>
</tr>
- <?php
+ <?php
} //end if strlen
$i++;
} //end for each
@@ -252,7 +259,7 @@ include("head.inc");
<td class="list"></td>
</tr>
</table>
-
+
</form>
/usr/local/freeswitch/conf/dialplan/public/
@@ -272,4 +279,4 @@ include("head.inc");
<?php include("fend.inc"); ?>
</body>
-</html>
+</html> \ No newline at end of file
diff --git a/config/freeswitch/freeswitch_public_includes_details.tmp b/config/freeswitch/freeswitch_public_includes_details.tmp
index c28a7647..3b3130b0 100755
--- a/config/freeswitch/freeswitch_public_includes_details.tmp
+++ b/config/freeswitch/freeswitch_public_includes_details.tmp
@@ -2,11 +2,11 @@
/* $Id$ */
/*
freeswitch_public_includes_details.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
diff --git a/config/freeswitch/freeswitch_public_includes_details_edit.tmp b/config/freeswitch/freeswitch_public_includes_details_edit.tmp
index 821d9097..30d07f99 100755..100644
--- a/config/freeswitch/freeswitch_public_includes_details_edit.tmp
+++ b/config/freeswitch/freeswitch_public_includes_details_edit.tmp
@@ -1,24 +1,23 @@
-<?php
+<?php
/* $Id$ */
/*
-
freeswitch_public_includes_details_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -62,9 +61,9 @@ if (isset($_POST['publicincludeid'])) {
//tagorder
//1-20
//fieldtype
-
+
//fielddata
-
+
if (isset($id) && $a_public_includes_details[$id]) {
$pconfig['publicincludeid'] = $a_public_includes_details[$id]['publicincludeid'];
@@ -89,7 +88,7 @@ if ($_POST) {
if (!$input_errors) {
-
+
$ent = array();
$ent['publicincludeid'] = $_POST['publicincludeid'];
$ent['tag'] = $_POST['tag'];
@@ -103,7 +102,7 @@ if ($_POST) {
$a_public_includes_details[$id] = $ent;
}
else {
- //add
+ //add
$a_public_includes_details[] = $ent;
}
@@ -130,29 +129,16 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), true, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
-
+
+display_top_tabs(build_menu());
+
?>
</td></tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont" >
-
+
<form action="freeswitch_public_includes_details_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
@@ -180,9 +166,9 @@ include("head.inc");
if (tag == "") {
document.getElementById("label_fieldtype").innerHTML = "Type";
document.getElementById("label_fielddata").innerHTML = "Data";
- }
+ }
}
- </script>
+ </script>
<?php
echo " <select name='tag' class='formfld' id='form_tag' onchange='public_include_details_tag_onchange();'>\n";
echo " <option></option>\n";
@@ -210,7 +196,7 @@ include("head.inc");
echo " <option>action</option>\n";
echo " <option>anti-action</option>\n";
//echo " <option selected='yes'>param</option>\n";
- break;
+ break;
default:
echo " <option>condition</option>\n";
echo " <option>action</option>\n";
@@ -218,31 +204,31 @@ include("head.inc");
//echo " <option>param</option>\n";
}
echo " </select>\n";
-
+
//condition
//field expression
//action
- //application
+ //application
//data
//antiaction
- //application
+ //application
//data
//param
//name
//value
-
+
?>
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq" id="label_fieldtype">Type</td>
- <td width="78%" class="vtable">
- <input name="fieldtype" type="text" class="formfld" id="fieldtype" size="40" value="<?=htmlspecialchars($pconfig['fieldtype']);?>">
+ <td width="78%" class="vtable">
+ <input name="fieldtype" type="text" class="formfld" id="fieldtype" size="40" value="<?=htmlspecialchars($pconfig['fieldtype']);?>">
</td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq" id="label_fielddata">Data</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="fielddata" type="text" class="formfld" id="fielddata" size="40" value="<?=htmlspecialchars($pconfig['fielddata']);?>">
<br> <span class="vexpl"></span></td>
</tr>
@@ -250,9 +236,9 @@ include("head.inc");
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="publicincludeid" type="hidden" value="<?=$publicincludeid;?>">
- <input name="parentid" type="hidden" value="<?=$parentid;?>">
+ <input name="parentid" type="hidden" value="<?=$parentid;?>">
<?php if (isset($id) && $a_public_includes_details[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
<input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()">
</td>
@@ -266,7 +252,7 @@ include("head.inc");
<b>Example</b>
<br />
<br />
- If the inbound call matches the DID 12085551234 then proceed to the action.
+ If the inbound call matches the DID 12085551234 then proceed to the action.
<br />
<br />
<table cellpadding='3'>
@@ -276,8 +262,8 @@ include("head.inc");
</table>
<br />
- <br />
-
+ <br />
+
Transfer the inbound call to an IVR with extension of 5000.
<br />
<br />
@@ -285,8 +271,8 @@ include("head.inc");
<tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">action</td></tr>
<tr><th class="vncellreq" align="left">Application:</th><td class="vtable">transfer</td></tr>
<tr><th class="vncellreq" align="left">Data:</th><td class="vtable">5000 XML default</td></tr>
- </table>
-
+ </table>
+
<br />
<br />
@@ -297,15 +283,15 @@ include("head.inc");
<tr><th class="vncellreq" width='75' align="left">Tag:</th><td class="vtable">action</td></tr>
<tr><th class="vncellreq" align="left">Application:</th><td class="vtable">transfer</td></tr>
<tr><th class="vncellreq" align="left">Data:</th><td class="vtable">1001 XML default</td></tr>
- </table>
+ </table>
+
-
<br />
<br />
<br />
<br />
-
-
+
+
<b>Conditions</b>
<br />
<br />
@@ -322,49 +308,49 @@ include("head.inc");
<li><b>uuid</b> Unique identifier of the current call? (looks like a GUID)</li>
<li><b>source</b> Name of the FreeSwitch module that received the call (e.g. PortAudio)</li>
<li><b>chan_name</b> Name of the current channel (Example: PortAudio/1234). Give us examples when this one can be used.</li>
- <li><b>network_addr</b> IP address of the signalling source for a VoIP call.</li>
+ <li><b>network_addr</b> IP address of the signalling source for a VoIP call.</li>
</ul>
In addition to the above you can also do variables using the syntax ${variable} or api functions using the syntax %{api} {args}
<br />
<br />
- Variables may be used in either the field or the expression, as follows
+ Variables may be used in either the field or the expression, as follows
<br />
<br />
<br />
<br />
-
+
<b>Action and Anti-Actions</b>
<br />
<br />
Actions are executed when the <b>condition matches</b>. Anti-Actions are executed when the <b>condition does NOT match</b>.
Additional information on applications for Actions and Anti-Actions.<br />
- <a href='http://wiki.freeswitch.org/wiki/Modules#Applications' target='_blank'>http://wiki.freeswitch.org/wiki/Modules#Applications</a>
+ <a href='http://wiki.freeswitch.org/wiki/Modules#Applications' target='_blank'>http://wiki.freeswitch.org/wiki/Modules#Applications</a>
<br />
<a href='http://wiki.freeswitch.org/wiki/public_Functions' target='_blank'>http://wiki.freeswitch.org/wiki/public_Functions</a>
<br />
<br />
<br />
- The following is a partial list of <b>applications</b>.
+ The following is a partial list of <b>applications</b>.
<ul>
<li><b>answer</b> answer the call</li>
<li><b>bridge</b> bridge the call<li>
<li><b>cond</b></li>
- <li><b>db</b> is a a runtime database either sqlite by default or odbc</li>
+ <li><b>db</b> is a a runtime database either sqlite by default or odbc</li>
<li><b>global_set</b> allows setting of global vars similar to the ones found in vars.xml</li>
<li><b>group</b> allows grouping of several extensions for things like ring groups</li>
<li><b>expr</b></li>
- <li><b>hangup</b> hangs up the call</li>
+ <li><b>hangup</b> hangs up the call</li>
<li><b>info</b> sends call info to the console</li>
<li><b>javascript</b> run javascript .js files</li>
<li><b>playback</b></li>
<li><b>reject</b> reject the call</li>
- <li><b>respond</b></li>
- <li><b>ring_ready</b></li>
+ <li><b>respond</b></li>
+ <li><b>ring_ready</b></li>
<li><b>set</b> set a variable</li>
<li><b>set_user</b></li>
<li><b>sleep</b></li>
- <li><b>sofia_contact</b></li>
+ <li><b>sofia_contact</b></li>
<li><b>transfer</b> transfer the call to another extension or number<li>
<li><b>voicemail</b> send the call to voicemail</li>
</ul>
@@ -377,13 +363,13 @@ include("head.inc");
<b>Param</b>
Example parameters by name and value
<br />
- <a href='http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go' target='_blank'>http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go</a>
+ <a href='http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go' target='_blank'>http://wiki.freeswitch.org/wiki/Special:Search?search=param&go=Go</a>
<ul>
- <li><b>codec-ms</b> 20</li>
+ <li><b>codec-ms</b> 20</li>
<li><b>codec-prefs</b> PCMU@20i</li>
<li><b>debug</b> 1</li>
<li><b>public</b> XML</li>
- <li><b>dtmf-duration</b> 100</li>
+ <li><b>dtmf-duration</b> 100</li>
<li><b>rfc2833-pt</b>" 101</li>
<li><b>sip-port</b> 5060</li>
<li><b>use-rtp-timer</b> true</li>
@@ -392,13 +378,13 @@ include("head.inc");
<br />
-->
-
+
<br />
<br />
<br />
<br />
<br />
-
+
</td>
</tr>
</table>
diff --git a/config/freeswitch/freeswitch_public_includes_edit.tmp b/config/freeswitch/freeswitch_public_includes_edit.tmp
index 94454fd3..3e0644c3 100755..100644
--- a/config/freeswitch/freeswitch_public_includes_edit.tmp
+++ b/config/freeswitch/freeswitch_public_includes_edit.tmp
@@ -1,24 +1,23 @@
-<?php
+<?php
/* $Id$ */
/*
-
freeswitch_public_includes_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -43,7 +42,7 @@ require("/usr/local/pkg/freeswitch.inc");
//default
//enabled
//descr
-
+
//
@@ -90,11 +89,11 @@ if ($_POST) {
if (!$input_errors) {
-
+
$ent = array();
if (strlen($_POST['publicincludeid']) > 0) {
//update
- $ent['publicincludeid'] = $_POST['publicincludeid'];
+ $ent['publicincludeid'] = $_POST['publicincludeid'];
}
else {
//add
@@ -109,49 +108,49 @@ if ($_POST) {
$ent['opt1name'] = $_POST['opt1name'];
$ent['opt1value'] = $_POST['opt1value'];
-
+
if (isset($id) && $a_public_includes[$id]) {
$a_public_includes = $config['installedpackages']['freeswitchpublicincludes']['config'];
if (count($a_public_includes) > 0) {
foreach($a_public_includes as $rowhelper) {
-
+
//$rowhelper['publicincludeid'];
//$rowhelper['extensionname'];
//$rowhelper['context'];
//$rowhelper['enabled'];
-
+
$filenamechanged = false;
if ($rowhelper['publicincludeid'] == $_POST['publicincludeid']) {
-
+
if ($rowhelper['extensionname'] != $_POST['extensionname']) {
//if the extension name has changed then remove the current public xml file
//to prepare for the new file
- $filenamechanged = true;
+ $filenamechanged = true;
}
if ($rowhelper['order'] != $_POST['order']) {
//if the order has changed then remove the current public xml file
//to prepare for the new file
- $filenamechanged = true;
- }
+ $filenamechanged = true;
+ }
if ($_POST['enabled'] == "false") {
//if the extension name is disabled then remove the public xml file
$filenamechanged = true;
}
- if ($filenamechanged){
+ if ($filenamechanged){
$publicincludefilename = $rowhelper['order']."_".$rowhelper['extensionname'].".xml";
if (file_exists("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename)) {
unlink("/usr/local/freeswitch/conf/dialplan/public/".$publicincludefilename);
}
unset($publicincludefilename);
}
-
+
}
- unset($filenamechanged);
-
+ unset($filenamechanged);
+
} //end foreach
} //end if count
-
+
//update the config
$a_public_includes[$id] = $ent;
}
@@ -183,21 +182,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), true, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -205,8 +191,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont" >
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Public:<br>
</strong></span>
@@ -220,27 +206,27 @@ include("head.inc");
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Extension Name</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="extensionname" type="text" class="formfld" id="extensionname" size="40" value="<?=htmlspecialchars($pconfig['extensionname']);?>">
<br />
- Supported characters are 'a-z', 'A-Z', '0-9', underscore '_', and period '.'.
+ Supported characters are 'a-z', 'A-Z', '0-9', underscore '_', and period '.'.
</td>
</tr>
<!--
<tr>
<td width="22%" valign="top" class="vncellreq">Context</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="context" type="text" class="formfld" id="context" size="40" value="<?=htmlspecialchars($pconfig['context']);?>">
<br />
e.g. default
</td>
</tr>
-->
-
+
<tr>
<td width="22%" valign="top" class="vncellreq">Enabled</td>
- <td width="78%" class="vtable">
- <?php
+ <td width="78%" class="vtable">
+ <?php
echo " <select name='enabled' class='formfld'>\n";
echo " <option></option>\n";
switch (htmlspecialchars($pconfig['enabled'])) {
@@ -258,30 +244,30 @@ include("head.inc");
echo " <option value='false'>false</option>\n";
}
echo " </select>\n";
- ?>
+ ?>
</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncellreq">Order</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php
-
+
echo " <select name='order' class='formfld'>\n";
echo " <option></option>\n";
if (strlen(htmlspecialchars($pconfig['order']))> 0) {
- echo " <option selected='yes' value='".htmlspecialchars($pconfig['order'])."'>".htmlspecialchars($pconfig['order'])."</option>\n";
+ echo " <option selected='yes' value='".htmlspecialchars($pconfig['order'])."'>".htmlspecialchars($pconfig['order'])."</option>\n";
}
$i=0;
while($i<=999) {
- if (strlen($i) == 1) {
+ if (strlen($i) == 1) {
echo " <option value='00$i'>00$i</option>\n";
}
if (strlen($i) == 2) {
echo " <option value='0$i'>0$i</option>\n";
}
if (strlen($i) == 3) {
- echo " <option value='$i'>$i</option>\n";
+ echo " <option value='$i'>$i</option>\n";
}
$i++;
@@ -289,24 +275,24 @@ include("head.inc");
echo " </select>\n";
?>
<br />
- Processing of each public include is determined by this order.
+ Processing of each public include is determined by this order.
</td>
</tr>
-
+
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input name="publicincludeid" type="hidden" value="<?=htmlspecialchars($pconfig['publicincludeid']);?>">
- <?php
+ <?php
if (strlen($id) > 0 && $a_public_includes[$id]) {
- echo "\n";
+ echo "\n";
echo " <input name=\"id\" type=\"hidden\" value=\"$id\">\n";
echo " <input name=\"opt1name\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1name'])."\">\n";
echo " <input name=\"opt1value\" type=\"hidden\" value=\"".htmlspecialchars($pconfig['opt1value'])."\">\n";
@@ -317,36 +303,36 @@ include("head.inc");
</tr>
</table>
</form>
-
+
<br>
<br>
<form action="freeswitch_public_includes_edit.php" method="post" name="iform2" id="iform2">
- <?php
-
+ <?php
+
//echo "<pre>";
//print_r ($a_public_includes);
//echo "</pre>";
-
- //if ($savemsg) print_info_box($savemsg);
+
+ //if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
- //endif;
-
+ //endif;
+
?>
-
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Conditions and Actions<br />
</strong></span>
- The following conditions, actions and anti-actions are used in the public to direct call flow. Each is processed in order until you reach the action tag which tells FreeSWITCH what action to perform. You are not limited to only one condition or action tag for a given extension.
+ The following conditions, actions and anti-actions are used in the public to direct call flow. Each is processed in order until you reach the action tag which tells FreeSWITCH what action to perform. You are not limited to only one condition or action tag for a given extension.
</span></p></td>
</tr>
</table>
<br />
-
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Tag</td>
@@ -360,13 +346,13 @@ include("head.inc");
</tr>
</table>
</td>
- </tr>
-
- <?php
-
+ </tr>
+
+ <?php
+
$i = 0;
if (count($a_public_include_details) > 0) {
-
+
foreach ($a_public_include_details as $ent) {
if ($ent['tag'] == "condition" && $publicincludeid == $ent['publicincludeid']) {
?>
@@ -379,7 +365,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';">
<?=$ent['fielddata'];?>&nbsp;
- </td>
+ </td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -389,15 +375,15 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
}
-
+
$i = 0;
if (count($a_public_include_details) > 0) {
-
+
foreach ($a_public_include_details as $ent) {
if ($ent['tag'] == "action" && $publicincludeid == $ent['publicincludeid']) {
?>
@@ -410,7 +396,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';">
<?=$ent['fielddata'];?>&nbsp;
- </td>
+ </td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -420,15 +406,15 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
}
-
+
$i = 0;
if (count($a_public_include_details) > 0) {
-
+
foreach ($a_public_include_details as $ent) {
if ($ent['tag'] == "anti-action" && $publicincludeid == $ent['publicincludeid']) {
?>
@@ -441,7 +427,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';">
<?=$ent['fielddata'];?>&nbsp;
- </td>
+ </td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -451,15 +437,15 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
}
-
+
$i = 0;
if (count($a_public_include_details) > 0) {
-
+
foreach ($a_public_include_details as $ent) {
if ($ent['tag'] == "param" && $publicincludeid == $ent['publicincludeid']) {
?>
@@ -472,7 +458,7 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='freeswitch_public_includes_details_edit.php?id=<?=$i;?>&parentid=<?=$parentid;?>&publicincludeid=<?=$publicincludeid;?>';">
<?=$ent['fielddata'];?>&nbsp;
- </td>
+ </td>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -482,11 +468,11 @@ include("head.inc");
</table>
</td>
</tr>
- <?php
+ <?php
}
- $i++;
+ $i++;
}
- }
+ }
?>
<tr>
<td class="list" colspan="3"></td>
@@ -506,12 +492,12 @@ include("head.inc");
<td class="list"></td>
</tr>
</table>
-
+
</form>
-
+
+ <br>
<br>
- <br>
</td>
</tr>
diff --git a/config/freeswitch/freeswitch_recordings.tmp b/config/freeswitch/freeswitch_recordings.tmp
index 7d9b539d..15f3be5e 100755..100644
--- a/config/freeswitch/freeswitch_recordings.tmp
+++ b/config/freeswitch/freeswitch_recordings.tmp
@@ -2,11 +2,11 @@
/* $Id$ */
/*
freeswitch_recordings.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -49,7 +49,7 @@ if ($_GET['a'] == "download") {
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Description: File Transfer");
- header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"');
+ header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"');
}
else {
$file_ext = substr($_GET['filename'], -3);
@@ -58,7 +58,7 @@ if ($_GET['a'] == "download") {
}
if ($file_ext == "mp3") {
header("Content-Type: audio/mp3");
- }
+ }
}
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
@@ -66,7 +66,7 @@ if ($_GET['a'] == "download") {
fpassthru($fd);
}
}
-
+
if ($_GET['type'] = "moh") {
if (file_exists($dir_music_on_hold_8000.$_GET['filename'])) {
$fd = fopen($dir_music_on_hold_8000.$_GET['filename'], "rb");
@@ -75,7 +75,7 @@ if ($_GET['a'] == "download") {
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Description: File Transfer");
- header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"');
+ header('Content-Disposition: attachment; filename="'.$_GET['filename'].'"');
}
else {
$file_ext = substr($_GET['filename'], -3);
@@ -84,7 +84,7 @@ if ($_GET['a'] == "download") {
}
if ($file_ext == "mp3") {
header("Content-Type: audio/mp3");
- }
+ }
}
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
@@ -158,21 +158,8 @@ function EvalSound(soundobj) {
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), true, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -182,29 +169,29 @@ function EvalSound(soundobj) {
<tr>
<td class="tabcont" >
-<?php
+<?php
//build a list of recordings from the config.xml
$config_recording_list = '';
-$i = 0;
+$i = 0;
if (count($a_recordings) > 0) {
foreach ($a_recordings as $recordingent) {
$config_recording_list .= $recordingent['filename']."|";
- $i++;
+ $i++;
}
}
-
+
$config_change = 0;
if (is_dir($dir_recordings)) {
if ($dh = opendir($dir_recordings)) {
while (($file = readdir($dh)) !== false) {
- if (filetype($dir_recordings . $file) == "file") {
-
+ if (filetype($dir_recordings . $file) == "file") {
+
if (strpos($config_recording_list, $file) === false) {
-
+
//$handle = fopen($dir_recordings.$file,'rb');
//$file_content = fread($handle,filesize($dir_recordings.$file));
//fclose($handle);
@@ -217,83 +204,83 @@ if (is_dir($dir_recordings)) {
$recordingent['recordingid'] = guid();
//$recordingent['filecontent'] = base64_encode($file_content);
$recordingent['descr'] = 'Auto';
-
+
$a_recordings[] = $recordingent;
write_config();
-
+
unset($file_content);
-
+
}
else {
//echo "The file was found.<br/>";
}
-
+
}
}
closedir($dh);
}
}
-
-//saved for future use if and when config.xml scales well
+
+//saved for future use if and when config.xml scales well
//enough to save the files inside it
//$i = 0;
-//if (count($a_recordings) > 0) {
+//if (count($a_recordings) > 0) {
// foreach ($a_recordings as $recordingent) {
// if (!is_file($dir_recordings.$recordingent['filename'])) {
//echo "not found: ".$recordingent['filename']."<br />";
-
+
//recording not found restore the file from the config.xml
- //$file_content = $recordingent['filecontent'];
+ //$file_content = $recordingent['filecontent'];
//$handle = fopen($dir_recordings.$recordingent['filename'],'w');
- //fwrite ($handle, base64_decode($file_content));
+ //fwrite ($handle, base64_decode($file_content));
//unset($file_content);
//fclose($handle);
- //$recordingent['filecontent'] = base64_encode($file_content);
-
- // loop through recordings in the config.xml
+ //$recordingent['filecontent'] = base64_encode($file_content);
+
+ // loop through recordings in the config.xml
// if the file does not exist remove it from the file system.
//unset($a_recordings[$i]);
-
-// $config_change = 1;
+
+// $config_change = 1;
// }
// else {
- //echo "found: ".$recordingent['filename']."<br />";
+ //echo "found: ".$recordingent['filename']."<br />";
// }
-// $i++;
+// $i++;
// }
//}
if ($config_change == 1) {
write_config();
- $config_change = 0;
+ $config_change = 0;
}
-//if ($savemsg) print_info_box($savemsg);
+//if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
-//endif;
+//endif;
?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Recordings:<br>
</strong></span>
- To make a recording dial extension 732673 (record) or you can make a
- 16bit 8khz/16khz Mono WAV file then copy it to the
- following directory then refresh the page to play it back.
- Click on the 'Filename' to download it or the 'Recording Name' to
+ To make a recording dial *732673 (record) or you can make a
+ 16bit 8khz/16khz Mono WAV file then copy it to the
+ following directory then refresh the page to play it back.
+ Click on the 'Filename' to download it or the 'Recording Name' to
play the audio.
</span></p></td>
</tr>
</table>
-
+
<br />
-
+
<div id="niftyOutter">
<form action="" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit="">
<table border='0'>
@@ -307,11 +294,11 @@ if ($config_change == 1) {
<input name="ulfile" type="file" class="button" id="ulfile">
<input name="submit" type="submit" class="button" id="upload" value="Upload">
</td>
- </tr>
+ </tr>
</table>
</div>
</form>
-
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="30%" class="listhdrr">Filename (download)</td>
@@ -329,9 +316,9 @@ if ($config_change == 1) {
</td>
</tr>
- <?php
+ <?php
$i = 0;
- if (count($a_recordings) > 0) {
+ if (count($a_recordings) > 0) {
foreach ($a_recordings as $recordingent) {
?>
<tr>
@@ -343,7 +330,7 @@ if ($config_change == 1) {
<td class="listr" ondblclick="document.location='freeswitch_recordings_edit.php?id=<?=$i;?>';">
<a href="javascript:void(0);" onclick="window.open('freeswitch_recordings_play.php?a=download&type=rec&filename=<?=$recordingent['filename'];?>', 'play',' width=420,height=40,menubar=no,status=no,toolbar=no')">
<?=$recordingent['recordingname'];?>&nbsp;
- </a>
+ </a>
</td>
<td class="listbg" ondblclick="document.location='freeswitch_recordings_edit.php?id=<?=$i;?>';">
<font color="#FFFFFF"><?=htmlspecialchars($recordingent['descr']);?>&nbsp;
@@ -357,12 +344,12 @@ if ($config_change == 1) {
</table>
</td>
</tr>
- <?php
+ <?php
$i++;
- } //end for each
+ } //end for each
} //end count
?>
-
+
<!--
<tr>
<td class="list" colspan="3"></td>
@@ -382,28 +369,28 @@ if ($config_change == 1) {
<td class="list"></td>
</tr>
</table>
-
+
<br />
<br />
<br />
-
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Music on Hold:<br>
</strong></span>
- Music on hold can be in WAV or MP3 format. To play MP3 you must have
- mod_shout enabled on the 'Modules' tab. For best performance
- upload 16bit 8khz/16khz Mono WAV files.
- <!--Click on the 'Filename' to download it or the 'Recording Name' to
+ Music on hold can be in WAV or MP3 format. To play an MP3 file you must have
+ mod_shout enabled on the 'Modules' tab. You can adjust the volume of the MP3
+ audio from the 'Settings' tab. For best performance upload 16bit 8khz/16khz Mono WAV files.
+ <!--Click on the 'Filename' to download it or the 'Recording Name' to
play the audio.-->
</span></p></td>
</tr>
</table>
-
+
<br />
-
+
<div id="niftyOutter">
<form action="" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit="">
<table border='0'>
@@ -416,8 +403,8 @@ if ($config_change == 1) {
<td valign="top" class="label">
<input name="ulfile" type="file" class="button" id="ulfile">
<input name="submit" type="submit" class="button" id="upload" value="Upload">
- </td>
- </tr>
+ </td>
+ </tr>
</table>
</div>
</form>
@@ -436,7 +423,7 @@ if ($config_change == 1) {
if ($handle = opendir($dir_music_on_hold_8000)) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != ".." && is_file($dir_music_on_hold_8000.$file)) {
-
+
$tmp_filesize = filesize($dir_music_on_hold_8000.$file);
$tmp_filesize = byte_convert($tmp_filesize);
@@ -444,18 +431,18 @@ if ($config_change == 1) {
echo " <td class=\"listlr\" ondblclick=\"\">\n";
echo " <a href=\"freeswitch_recordings.php?a=download&type=moh&t=bin&filename=".$file."\">\n";
echo " $file";
- echo " </a>";
+ echo " </a>";
echo " </td>\n";
echo " <td class=\"listlr\" ondblclick=\"\">\n";
echo " <a href=\"javascript:void(0);\" onclick=\"window.open('freeswitch_recordings_play.php?a=download&type=moh&filename=".$file."', 'play',' width=420,height=40,menubar=no,status=no,toolbar=no')\">\n";
$tmp_file_array = split("\.",$file);
echo " ".$tmp_file_array[0];
- echo " </a>";
- echo " </td>\n";
+ echo " </a>";
+ echo " </td>\n";
echo " <td class=\"listlr\" ondblclick=\"\">\n";
echo date ("F d Y H:i:s", filemtime($dir_music_on_hold_8000.$file));
echo " </td>\n";
- echo " <td class=\"listlr\" ondblclick=\"\">\n";
+ echo " <td class=\"listlr\" ondblclick=\"\">\n";
echo " ".$tmp_filesize;
echo " </td>\n";
echo " <td valign=\"middle\" nowrap class=\"list\">\n";
@@ -467,7 +454,7 @@ if ($config_change == 1) {
echo " </table>\n";
echo " </td>\n";
echo "</tr>\n";
-
+
}
}
closedir($handle);
diff --git a/config/freeswitch/freeswitch_recordings_edit.tmp b/config/freeswitch/freeswitch_recordings_edit.tmp
index 18612b93..1e38d616 100755..100644
--- a/config/freeswitch/freeswitch_recordings_edit.tmp
+++ b/config/freeswitch/freeswitch_recordings_edit.tmp
@@ -1,24 +1,23 @@
-<?php
+<?php
/* $Id$ */
/*
-
freeswitch_recordings_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -77,13 +76,13 @@ if ($_POST) {
//if file name is not the same then rename the file
if ($_POST['filename'] != $_POST['filename_orig']) {
- rename('/usr/local/freeswitch/recordings/'.$_POST['filename_orig'], '/usr/local/freeswitch/recordings/'.$_POST['filename']);
+ rename('/usr/local/freeswitch/recordings/'.$_POST['filename_orig'], '/usr/local/freeswitch/recordings/'.$_POST['filename']);
}
$a_recordings[$id] = $recordingent;
}
else {
//add
- $recordingent['filename'] = $_POST['filename'];
+ $recordingent['filename'] = $_POST['filename'];
$a_recordings[] = $recordingent;
}
@@ -108,21 +107,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), true, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -130,26 +116,26 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont" >
-
+
<form action="freeswitch_recordings_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Filename</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="filename" type="text" class="formfld" id="filename" size="40" value="<?=htmlspecialchars($pconfig['filename']);?>">
<br> <span class="vexpl">Name of the file<br>
e.g. <em>example.wav</em></span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Recording Name</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="recordingname" type="text" class="formfld" id="recordingname" size="40" value="<?=htmlspecialchars($pconfig['recordingname']);?>">
<br> <span class="vexpl">Recording Name<br>
e.g. <em>recordingx</em></span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
@@ -167,7 +153,7 @@ include("head.inc");
</tr>
</table>
</form>
-
+
<br>
<br>
<br>
diff --git a/config/freeswitch/freeswitch_recordings_play.tmp b/config/freeswitch/freeswitch_recordings_play.tmp
index 8dfb90c2..1c63b592 100755
--- a/config/freeswitch/freeswitch_recordings_play.tmp
+++ b/config/freeswitch/freeswitch_recordings_play.tmp
@@ -1,24 +1,23 @@
-<?php
+<?php
/* $Id$ */
/*
-
freeswitch_recordings_play.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -45,11 +44,11 @@ $type = $_GET['type']; //moh //rec
<td align='center'>
<b>file: <?=$filename?></b>
</td>
- </tr>
+ </tr>
<tr>
<td align='center'>
<?php
-
+
$file_ext = substr($_GET['filename'], -3);
if ($file_ext == "wav") {
echo "<embed src=\"freeswitch_recordings.php?a=download&type=".$type."&filename=".$filename."\" autostart=true width=200 height=40 name=\"sound".$$filename."\" enablejavascript=\"true\">\n";
@@ -60,7 +59,7 @@ $type = $_GET['type']; //moh //rec
echo "<param name=\"quality\" value=\"high\"/>\n";
echo "<param name=\"bgcolor\" value=\"#E6E6E6\"/>\n";
echo "</object>\n";
- }
+ }
?>
</td>
diff --git a/config/freeswitch/freeswitch_status.tmp b/config/freeswitch/freeswitch_status.tmp
index 2d84a6ec..413fbbbd 100755..100644
--- a/config/freeswitch/freeswitch_status.tmp
+++ b/config/freeswitch/freeswitch_status.tmp
@@ -4,7 +4,7 @@
freeswitch_status.php
Copyright (C) 2008 Mark J Crane
All rights reserved.
-
+
FreeSWITCH (TM)
http://www.freeswitch.org/
@@ -45,9 +45,12 @@ if ($_GET['a'] == "download") {
$filename = 'Master.csv';
}
if ($_GET['t'] == "backup") {
- $tmp = '/tmp/';
+ $tmp = '/root/backup/';
$filename = 'freeswitch.bak.tgz';
- system('cd /usr/local/;tar cvzf /tmp/freeswitch.bak.tgz freeswitch');
+ if (!is_dir('/root/backup/')) {
+ exec("mkdir /root/backup/");
+ }
+ system('cd /usr/local/;tar cvzf /root/backup/freeswitch.bak.tgz freeswitch');
}
session_cache_limiter('public');
$fd = fopen($tmp.$filename, "rb");
@@ -60,32 +63,38 @@ if ($_GET['a'] == "download") {
if ($_GET['a'] == "other") {
if ($_GET['t'] == "restore") {
- $tmp = '/tmp/';
+ $tmp = '/root/backup/';
$filename = 'freeswitch.bak.tgz';
-
+
//extract a specific directory to /usr/local/freeswitch
- if (file_exists('/tmp/'.$filename)) {
+ if (file_exists('/root/backup/'.$filename)) {
//echo "The file $filename exists";
- //Recommended
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/db/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/log/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/recordings/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/scripts/');
- system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/storage/');
-
- //Optional
- //system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/conf/');
- //system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/grammar/');
- //system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/htdocs/');
- //system('cd /usr/local; tar xvpfz /tmp/'.$filename.' freeswitch/sounds/');
-
- header( 'Location: freeswitch_status.php?savemsg=Backup+has+been+restored.' ) ;
+ //Recommended
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/db/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/log/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/recordings/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/scripts/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/storage/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/sounds/custom/8000/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/sounds/music/8000/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/ssl');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/sip_profiles/');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/vars.xml');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/dialplan/default.xml');
+ system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/dialplan/public.xml');
+
+ //Optional
+ //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/conf/');
+ //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/grammar/');
+ //system('cd /usr/local; tar xvpfz /root/backup/'.$filename.' freeswitch/htdocs/');
+
+ header( 'Location: freeswitch_status.php?savemsg=Backup+has+been+restored.' ) ;
}
else {
header( 'Location: freeswitch_status.php?savemsg=Restore+failed.+Backup+file+not+found.' ) ;
- }
-
+ }
+
exit;
}
}
@@ -102,14 +111,33 @@ $savemsg = $_GET["savemsg"];
if (!pkg_is_service_running('freeswitch')) {
$handle = popen("/usr/local/etc/rc.d/freeswitch.sh start", "r");
pclose($handle);
+ //give freeswitch time to load
+ sleep(7);
}
?>
+
+<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script>
+<script language="Javascript" type="text/javascript">
+ // initialisation
+ editAreaLoader.init({
+ id: "log" // id of the textarea to transform
+ ,start_highlight: false
+ ,allow_toggle: true
+ ,display: "later"
+ ,language: "en"
+ ,syntax: "html"
+ ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help"
+ ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql"
+ ,show_line_colors: true
+ });
+</script>
+
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">FreeSWITCH: Status</font></p>
-<?php
+<?php
if ($savemsg) {
print_info_box($savemsg);
}
@@ -119,21 +147,8 @@ if ($savemsg) {
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), false, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), true, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -156,60 +171,41 @@ echo "<td width='50%'>\n";
echo " <b>sofia status</b> \n";
echo "</td>\n";
echo "<td width='50%' align='right'>\n";
-echo " <input type='button' value='reloadxml' onclick=\"document.location.href='/freeswitch/freeswitch_cmd.php?cmd=api+reloadxml';\" />\n";
-echo "</td>\n";
-echo "</tr>\n";
-echo "</table>\n";
-echo "<pre style=\"font-size: 9pt;\">\n";
-echo $response;
-echo "</pre>\n";
-fclose($fp);
-echo "<br /><br />\n\n";
-
-
-$fp = event_socket_create($host, $port, $password);
-$cmd = "api sofia status profile internal";
-$response = event_socket_request($fp, $cmd);
-echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n";
-echo "<tr>\n";
-echo "<td width='50%'>\n";
-echo " <b>sofia status profile internal</b> \n";
-echo "</td>\n";
-echo "<td width='50%' align='right'>\n";
-echo " <input type='button' value='start' onclick=\"document.location.href='/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+internal+start';\" />\n";
-echo " <input type='button' value='stop' onclick=\"document.location.href='/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+internal+stop';\" />\n";
-echo " <input type='button' value='flush_inbound_reg' onclick=\"document.location.href='/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+internal+flush_inbound_reg';\" />\n";
+echo " <input type='button' value='reloadxml' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+reloadxml';\" />\n";
echo "</td>\n";
echo "</tr>\n";
echo "</table>\n";
echo "<pre style=\"font-size: 9pt;\">\n";
-echo $response;
+echo $response;
echo "</pre>\n";
-fclose($fp);
+fclose($fp);
echo "<br /><br />\n\n";
+foreach (ListFiles('/usr/local/freeswitch/conf/sip_profiles') as $key=>$sip_profile_file){
+
+ $sip_profile_name = str_replace(".xml", "", $sip_profile_file);
+ $fp = event_socket_create($host, $port, $password);
+ $cmd = "api sofia status profile ".$sip_profile_name;
+ $response = event_socket_request($fp, $cmd);
+ echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n";
+ echo "<tr>\n";
+ echo "<td width='50%'>\n";
+ echo " <b>sofia status profile $sip_profile_name</b> \n";
+ echo "</td>\n";
+ echo "<td width='50%' align='right'>\n";
+ echo " <input type='button' value='start' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+start';\" />\n";
+ echo " <input type='button' value='stop' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+stop';\" />\n";
+ echo " <input type='button' value='flush_inbound_reg' onclick=\"document.location.href='/packages/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+".$sip_profile_name."+flush_inbound_reg';\" />\n";
+ echo "</td>\n";
+ echo "</tr>\n";
+ echo "</table>\n";
+ echo "<pre style=\"font-size: 9pt;\">\n";
+ echo $response;
+ echo "</pre>\n";
+ fclose($fp);
+ echo "<br /><br />\n\n";
-$fp = event_socket_create($host, $port, $password);
-$cmd = "api sofia status profile external";
-$response = event_socket_request($fp, $cmd);
-echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n";
-echo "<tr>\n";
-echo "<td width='50%'>\n";
-echo " <b>sofia status profile external</b> \n";
-echo "</td>\n";
-echo "<td width='50%' align='right'>\n";
-echo " <input type='button' value='start' onclick=\"document.location.href='/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+external+start+reloadxml';\" />\n";
-echo " <input type='button' value='stop' onclick=\"document.location.href='/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+external+stop';\" />\n";
-echo " <input type='button' value='restart' onclick=\"document.location.href='/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+external+restart+reloadxml';\" />\n";
-echo " <input type='button' value='rescan' onclick=\"document.location.href='/freeswitch/freeswitch_cmd.php?cmd=api+sofia+profile+external+rescan+reloadxml';\" />\n";
-echo "</td>\n";
-echo "</tr>\n";
-echo "</table>\n";
-echo "<pre style=\"font-size: 9pt;\">\n";
-echo $response;
-echo "</pre>\n";
-fclose($fp);
-echo "<br /><br />\n\n";
+}
$fp = event_socket_create($host, $port, $password);
@@ -217,16 +213,16 @@ $cmd = "api status";
$response = event_socket_request($fp, $cmd);
echo "<b>status</b><br />\n";
echo "<pre style=\"font-size: 9pt;\">\n";
-echo $response;
+echo $response;
echo "</pre>\n";
-fclose($fp);
-echo "<br /><br />\n\n";
+fclose($fp);
+echo "<br /><br />\n\n";
$fp = event_socket_create($host, $port, $password);
$cmd = "api show channels";
$response = event_socket_request($fp, $cmd);
-echo "<b>show channels</b>\n";
+echo "<b>show channels</b><br />\n";
if (strlen($response) > 40) {
echo "<textarea cols='85' rows='10' wrap='off'>\n";
echo $response;
@@ -237,7 +233,7 @@ else {
echo $response;
echo "</pre>\n";
}
-fclose($fp);
+fclose($fp);
echo "<br /><br />\n\n";
echo "<br /><br />\n\n";
@@ -245,7 +241,7 @@ echo "<br /><br />\n\n";
$fp = event_socket_create($host, $port, $password);
$cmd = "api show calls";
$response = event_socket_request($fp, $cmd);
-echo "<b>show calls</b>\n";
+echo "<b>show calls</b><br />\n";
if (strlen($response) > 40) {
echo "<textarea cols='85' rows='10' wrap='off'>\n";
echo $response;
@@ -256,7 +252,7 @@ else {
echo $response;
echo "</pre>\n";
}
-fclose($fp);
+fclose($fp);
echo "<br /><br />\n\n";
echo "<br /><br />\n\n";
@@ -265,15 +261,15 @@ echo "<table width='690' cellpadding='0' cellspacing='0' border='0'>\n";
echo "<tr>\n";
echo "<td width='80%'>\n";
echo "<b>Backup / Restore</b><br />\n";
-echo "The 'backup' button will tar gzip /usr/local/freeswitch/ to /tmp/freeswitch.bak.tgz it then presents a file to download. \n";
-echo "If the backup file does not exist in /tmp/freeswitch.bak.tgz then the 'restore' button will be hidden. \n";
+echo "The 'backup' button will tar gzip /usr/local/freeswitch/ to /root/backup/freeswitch.bak.tgz it then presents a file to download. \n";
+echo "If the backup file does not exist in /root/backup/freeswitch.bak.tgz then the 'restore' button will be hidden. \n";
echo "Use Diagnostics->Command->File to upload: to browse to the file and then click on upload it now ready to be restored. \n";
echo "<br /><br />\n";
echo "</td>\n";
echo "<td width='20%' valign='middle' align='right'>\n";
-echo " <input type='button' value='backup' onclick=\"document.location.href='/freeswitch/freeswitch_status.php?a=download&t=backup';\" />\n";
-if (file_exists('/tmp/freeswitch.bak.tgz')) {
- echo " <input type='button' value='restore' onclick=\"document.location.href='/freeswitch/freeswitch_status.php?a=other&t=restore';\" />\n";
+echo " <input type='button' value='backup' onclick=\"document.location.href='/packages/freeswitch/freeswitch_status.php?a=download&t=backup';\" />\n";
+if (file_exists('/root/backup/freeswitch.bak.tgz')) {
+ echo " <input type='button' value='restore' onclick=\"document.location.href='/packages/freeswitch/freeswitch_status.php?a=other&t=restore';\" />\n";
}
echo "</td>\n";
echo "</tr>\n";
@@ -288,7 +284,7 @@ echo "<b>Call Detail Records</b><br />\n";
echo "/usr/local/freeswitch/log/cdr-csv/Master.csv<br /><br />\n";
echo "</td>\n";
echo "<td width='50%' align='right'>\n";
-echo " <input type='button' value='download cdr csv' onclick=\"document.location.href='/freeswitch/freeswitch_status.php?a=download&t=cdrcsv';\" />\n";echo "</td>\n";
+echo " <input type='button' value='download cdr csv' onclick=\"document.location.href='/packages/freeswitch/freeswitch_status.php?a=download&t=cdrcsv';\" />\n";echo "</td>\n";
echo "</tr>\n";
echo "</table>\n";
echo "<br /><br />\n\n";
@@ -301,15 +297,15 @@ echo "<b>Logs</b><br />\n";
echo "/usr/local/freeswitch/log/cdr-csv/freeswitch.log<br /><br />\n";
echo "</td>\n";
echo "<td width='50%' align='right'>\n";
-echo " <input type='button' value='download logs' onclick=\"document.location.href='/freeswitch/freeswitch_status.php?a=download&t=logs';\" />\n";
+echo " <input type='button' value='download logs' onclick=\"document.location.href='/packages/freeswitch/freeswitch_status.php?a=download&t=logs';\" />\n";
echo "</tr>\n";
echo "</table>\n";
echo "<br /><br />\n\n";
-echo "<b>tail -n 100 /usr/local/freeswitch/log/freeswitch.log</b><br />\n";
-echo "<textarea cols='85' rows='30' wrap='off'>\n";
-echo system("tail -n 100 /usr/local/freeswitch/log/freeswitch.log");
+echo "<b>tail -n 500 /usr/local/freeswitch/log/freeswitch.log</b><br />\n";
+echo "<textarea id='log' name='log' cols='93' rows='30' wrap='off'>\n";
+echo system("tail -n 500 /usr/local/freeswitch/log/freeswitch.log");
echo "</textarea>\n";
echo "<br /><br />\n\n";
@@ -319,9 +315,9 @@ echo "<br /><br />\n\n";
//$response = event_socket_request($fp, $cmd);
//echo "<b>api sofia</b><br />\n";
//echo "<pre style=\"font-size: 9pt;\">\n";
-//echo $response;
+//echo $response;
//echo "</pre>\n";
-//fclose($fp);
+//fclose($fp);
//echo "<br /><br />\n\n";
?>
diff --git a/config/freeswitch/freeswitch_time_conditions.tmp b/config/freeswitch/freeswitch_time_conditions.tmp
index 617bb5cf..17787ad3 100755..100644
--- a/config/freeswitch/freeswitch_time_conditions.tmp
+++ b/config/freeswitch/freeswitch_time_conditions.tmp
@@ -2,11 +2,11 @@
/* $Id$ */
/*
freeswitch_time_conditions.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -62,21 +62,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), true, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -87,32 +74,32 @@ include("head.inc");
<td class="tabcont" >
<form action="freeswitch_ivr_options.php" method="post" name="iform" id="iform">
-<?php
+<?php
//echo "<pre>";
//print_r ($a_ivr);
//echo "</pre>";
-//if ($savemsg) print_info_box($savemsg);
+//if ($savemsg) print_info_box($savemsg);
//if (file_exists($d_hostsdirty_path)): echo"<p>";
//print_info_box_np("The FreeSWITCH recordings have been changed.<br>You must apply the changes in order for them to take effect.");
//echo"<br />";
-//endif;
+//endif;
?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><p><span class="vexpl"><span class="red"><strong>Note:<br>
</strong></span>
To make a recording dial extension 700 or you can make a
- 16bit 8khz/16khz Mono WAV file then copy it to the
+ 16bit 8khz/16khz Mono WAV file then copy it to the
following directory then refresh the page to play it back.
</span></p></td>
</tr>
</table>
<br />
-
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Filename</td>
@@ -169,7 +156,7 @@ include("head.inc");
<td class="list"></td>
</tr>
</table>
-
+
</form>
<br>
diff --git a/config/freeswitch/freeswitch_time_conditions_edit.tmp b/config/freeswitch/freeswitch_time_conditions_edit.tmp
index c40b84f8..45631929 100755..100644
--- a/config/freeswitch/freeswitch_time_conditions_edit.tmp
+++ b/config/freeswitch/freeswitch_time_conditions_edit.tmp
@@ -1,24 +1,23 @@
-<?php
+<?php
/* $Id$ */
/*
-
freeswitch_time_conditions_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -89,7 +88,7 @@ if ($_POST) {
$a_ivr_options[$id] = $ivroptionent;
}
else {
- //add
+ //add
$a_ivr_options[] = $ivroptionent;
}
@@ -115,21 +114,8 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=freeswitch.xml&amp;id=0");
- $tab_array[] = array(gettext("Dialplan"), false, "/freeswitch/freeswitch_dialplan_includes.php");
- $tab_array[] = array(gettext("Extensions"), false, "/freeswitch/freeswitch_extensions.php");
- $tab_array[] = array(gettext("External"), false, "/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0");
- $tab_array[] = array(gettext("Gateways"), false, "/freeswitch/freeswitch_gateways.php");
- $tab_array[] = array(gettext("Internal"), false, "/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0");
- $tab_array[] = array(gettext("IVR"), true, "/freeswitch/freeswitch_ivr.php");
- $tab_array[] = array(gettext("Modules"), false, "/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0");
- $tab_array[] = array(gettext("Public"), false, "/freeswitch/freeswitch_public_includes.php");
- $tab_array[] = array(gettext("Rec"), false, "/freeswitch/freeswitch_recordings.php");
- $tab_array[] = array(gettext("Status"), false, "/freeswitch/freeswitch_status.php");
- $tab_array[] = array(gettext("Vars"), false, "/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0");
- display_top_tabs($tab_array);
+
+display_top_tabs(build_menu());
?>
</td></tr>
@@ -137,19 +123,19 @@ include("head.inc");
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont" >
-
+
<form action="freeswitch_ivr_options_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Option Number</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="optionnumber" type="text" class="formfld" id="optionnumber" size="40" value="<?=htmlspecialchars($pconfig['optionnumber']);?>">
<br> <span class="vexpl">Option Number<br>
e.g. <em>1</em></span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Type</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?php
echo " <select name='optiontype' class='formfld'>\n";
echo " <option></option>\n";
@@ -171,14 +157,14 @@ include("head.inc");
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Destination</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="optiondest" type="text" class="formfld" id="optiondest" size="40" value="<?=htmlspecialchars($pconfig['optiondest']);?>">
<br> <span class="vexpl">Destination<br>
e.g. <em>1001</em></span></td>
- </tr>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="optiondescr" type="text" class="formfld" id="optiondescr" size="40" value="<?=htmlspecialchars($pconfig['optiondescr']);?>">
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
@@ -189,21 +175,21 @@ include("head.inc");
<input name="ivrid" type="hidden" value="<?=$ivrid;?>">
<input name="parentid" type="hidden" value="<?=$parentid;?>">
<?php if (isset($id) && $a_ivr_options[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
+ <input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
<input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()">
</td>
</tr>
</table>
</form>
-
+
<br>
<br>
<br>
<br>
<br>
<br>
-
+
</td>
</tr>
</table>
diff --git a/config/freeswitch/freeswitch_vars.tmp b/config/freeswitch/freeswitch_vars.tmp
new file mode 100644
index 00000000..5e7a5744
--- /dev/null
+++ b/config/freeswitch/freeswitch_vars.tmp
@@ -0,0 +1,162 @@
+<?php
+/* $Id$ */
+/*
+ freeswitch_vars.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ FreeSWITCH (TM)
+ http://www.freeswitch.org/
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/freeswitch.inc");
+
+//$a_extensions = &$config['installedpackages']['freeswitchprofiles']['config'];
+
+if ($_GET['a'] == "default") {
+ conf_mount_rw();
+ exec("cp /usr/local/freeswitch/conf.orig/vars.xml /usr/local/freeswitch/conf/vars.xml");
+ $savemsg = "Default Restored";
+ conf_mount_ro();
+}
+
+if ($_POST['a'] == "save") {
+ conf_mount_rw();
+ $content = ereg_replace("\r","",$_POST['code']);
+ $fd = fopen("/usr/local/freeswitch/conf/vars.xml", "w");
+ fwrite($fd, $content);
+ fclose($fd);
+ $savemsg = "Saved";
+ conf_mount_ro();
+}
+
+
+$fd = fopen("/usr/local/freeswitch/conf/vars.xml", "r");
+$content = fread($fd, filesize("/usr/local/freeswitch/conf/vars.xml"));
+fclose($fd);
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script language="Javascript">
+function sf() { document.forms[0].savetopath.focus(); }
+</script>
+<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script>
+<script language="Javascript" type="text/javascript">
+ // initialisation
+ editAreaLoader.init({
+ id: "code" // id of the textarea to transform
+ ,start_highlight: false
+ ,allow_toggle: false
+ ,language: "en"
+ ,syntax: "html"
+ ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help"
+ ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql"
+ ,show_line_colors: true
+ });
+</script>
+
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">FreeSWITCH: Variables</p>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+display_top_tabs(build_menu());
+
+?>
+</td></tr>
+</table>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+
+<form action="freeswitch_vars.php" method="post" name="iform" id="iform">
+<?php
+
+?>
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width='90%'><p><span class="vexpl"><span class="red"><strong>Variables<br>
+ </strong></span>
+ Define preprocessor variables here. Can be accessed in the xml configation with $${var_name}.
+ </p>
+ </td>
+ <td width='10%' align='right' valign='middle'><input type="submit" value="save" /></td>
+ </tr>
+ </table>
+ <br />
+ <br />
+
+ <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea>
+ <br />
+ <br />
+
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>/usr/local/freeswitch/conf/vars.xml</td>
+ <td align='right'>
+ <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" />
+ <input type="hidden" name="a" value="save" />
+ <?php
+ echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/freeswitch/freeswitch_vars.php?a=default&f=vars.xml';\" />";
+ ?>
+ </td>
+ </tr>
+ </table>
+
+</form>
+
+<br>
+<br>
+
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/freeswitch/freeswitch_vars.xml b/config/freeswitch/freeswitch_vars.xml
deleted file mode 100755
index 9a4e172c..00000000
--- a/config/freeswitch/freeswitch_vars.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
-
- freeswitch_vars.xml
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- FreeSWITCH (TM)
- http://www.freeswitch.org/
-
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>freeswitchvars</name>
- <version>0.1</version>
- <title>FreeSWITCH: Vars</title>
- <aftersaveredirect>pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</aftersaveredirect>
- <include_file>/usr/local/pkg/freeswitch.inc</include_file>
- <tabs>
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=freeswitch.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Dialplan</text>
- <url>/freeswitch/freeswitch_dialplan_includes.php</url>
- </tab>
- <tab>
- <text>Extensions</text>
- <url>/freeswitch/freeswitch_extensions.php</url>
- </tab>
- <tab>
- <text>External</text>
- <url>/pkg_edit.php?xml=freeswitch_external.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Gateways</text>
- <url>/freeswitch/freeswitch_gateways.php</url>
- </tab>
- <tab>
- <text>Internal</text>
- <url>/pkg_edit.php?xml=freeswitch_internal.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>IVR</text>
- <url>/freeswitch/freeswitch_ivr.php</url>
- </tab>
- <tab>
- <text>Modules</text>
- <url>/pkg_edit.php?xml=freeswitch_modules.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>Public</text>
- <url>/freeswitch/freeswitch_public_includes.php</url>
- </tab>
- <tab>
- <text>Rec</text>
- <url>/freeswitch/freeswitch_recordings.php</url>
- </tab>
- <tab>
- <text>Status</text>
- <url>/freeswitch/freeswitch_status.php</url>
- </tab>
- <tab>
- <text>Vars</text>
- <url>/pkg_edit.php?xml=freeswitch_vars.xml&amp;id=0</url>
- <active/>
- </tab>
- </tabs>
- <configpath>installedpackages->package->$packagename->configuration->freeswitchvars</configpath>
- <fields>
- <field>
- <fielddescr>&lt;b&gt;Vars&lt;/b&gt; &lt;br /&gt; &lt;br /&gt;Define preprocessor variables here. Can be accessed in the xml configation with $${var_name}.</fielddescr>
- <fieldname>vars_xml</fieldname>
- <description>&lt;br /&gt;Path: /usr/local/freeswitch/conf/vars.xml &lt;br /&gt;&lt;br /&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <wrap>off</wrap>
- <size>30</size>
- <cols>70</cols>
- <rows>33</rows>
- </field>
- </fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_after_head_command>
- sync_package_freeswitch_vars();
- </custom_php_after_head_command>
- <custom_php_after_form_command>
- </custom_php_after_form_command>
- <custom_php_validation_command>
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- sync_package_freeswitch_vars();
- </custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
diff --git a/config/freeswitch/mod_fax.so.1 b/config/freeswitch/mod_fax.so.1
deleted file mode 100755
index 68bd05d0..00000000
--- a/config/freeswitch/mod_fax.so.1
+++ /dev/null
Binary files differ
diff --git a/config/freeswitch/mod_shout.so.1 b/config/freeswitch/mod_shout.so.1
deleted file mode 100755
index 26d9b94b..00000000
--- a/config/freeswitch/mod_shout.so.1
+++ /dev/null
Binary files differ
diff --git a/config/freeswitch/please_enter_the_extension_number.wav b/config/freeswitch/please_enter_the_extension_number.wav
new file mode 100644
index 00000000..d9384b0f
--- /dev/null
+++ b/config/freeswitch/please_enter_the_extension_number.wav
Binary files differ
diff --git a/config/freeswitch/please_enter_the_phone_number.wav b/config/freeswitch/please_enter_the_phone_number.wav
new file mode 100644
index 00000000..9cb4057b
--- /dev/null
+++ b/config/freeswitch/please_enter_the_phone_number.wav
Binary files differ
diff --git a/config/freeswitch/please_enter_the_pin_number.wav b/config/freeswitch/please_enter_the_pin_number.wav
new file mode 100644
index 00000000..107728a5
--- /dev/null
+++ b/config/freeswitch/please_enter_the_pin_number.wav
Binary files differ
diff --git a/config/havp/havp.inc b/config/havp/havp.inc
index 85427eb2..2505ce0b 100644
--- a/config/havp/havp.inc
+++ b/config/havp/havp.inc
@@ -2,7 +2,7 @@
/*
havp.inc
Part of pfSense package
- Copyright (C) 2008 Serg Dvorianceev
+ Copyright (C) 2009 Serg Dvorianceev
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,197 +27,500 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-/* ! ÍÀVP v.0.88 !*/
+/* ! for HAVP v.0.88 ! */
+/* ! Real virus collection for tests http://www.nvkz.kuzbass.net/as/ ! */
require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
+require_once('system.inc');
require_once('pfsense-utils.inc');
require_once('pkg-utils.inc');
require_once('filter.inc');
require_once('service-utils.inc');
+# ------------------------------------------------------------------------------
+# globals
+# ------------------------------------------------------------------------------
+# Debug / uncomment next for debug /
+define('HV_DEBUG', 'false');
+# use Clamd daemon (another - use libclam)
+define('HV_USE_CLAMD', 'true');
+define('HV_CLAMD_TCPSOCKET', 'true');
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# RAM Disk - use as 'tmp' dir for more quick work
+# note: this options allow RAM Disk allocation
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# set 'true' for enable RAM Disk
+define('HV_USE_TMPRAMDISK', 'true');
+# set 'false' for disable RAM Disk on VM (if you have troubles on VM)
+define('HV_VM_TMPRAMDISK', 'true');
+
+# ------------------------------------------------------------------------------
+# forms
+# ------------------------------------------------------------------------------
+define('HVFORM_HAVP', 'havp');
+define('HVFORM_FSCAN', 'havpfscan');
+define('HVFORM_AVSET', 'havpavset');
+
+# ------------------------------------------------------------------------------
# defines
-define('HV_USER', 'havp');
-define('HV_AV_USER', 'havp');
-
-define('HV_WORKDIR', '/usr/local/etc/havp');
-define('HV_CONFIGFILE', '/havp.config');
-define('HV_WHITELISTFILE', '/whitelist');
-define('HV_BLACKLISTFILE', '/blacklist');
-
-define('HV_PIDFILE', '/var/run/havp.pid');
-define('HV_LOGDIR', '/var/log/havp');
-define('HV_AVLOGDIR', '/var/log/clamav');
-define('HV_ACCESSLOG', '/access.log');
-define('HV_LOG', '/havp.log');
-define('HV_TEMPDIR', '/var/tmp');
-define('HV_HAVPTEMPDIR', '/var/tmp/havp');
-define('HV_SCANTEMPFILE', '/havp/havp-XXXXXX');
-define('HV_DEFAULTPORT', '3125');
-define('HV_DEFAULTADDR', '127.0.0.1');
-define('HV_TEMPLATEPATH', '/usr/local/share/examples/havp/templates');
-define('HV_CRONNAME_AVUPD','havp_av_update');
-define('HV_CRONCMD_AVUPD', '/usr/local/etc/rc.d/clamav-freshclam start');
-define('HV_CRONKEY_AVUPD', '/clamav-freshclam');
-define('HV_AVUPD_SCRIPT', '/usr/local/etc/rc.d/havp_avupdate.sh');
-define('HV_FRESHCLAM_CONFIGFILE', '/usr/local/etc/freshclam.conf');
+# ------------------------------------------------------------------------------
+# havp
+define('HVDEF_ADDR', '127.0.0.1');
+define('HVDEF_PROXYPORT', '8080');
+define('HVDEF_MAXSCANSIZE', '5000000'); # [bytes] ! do not enter 0 or big size !
+define('HVDEF_MAXARCSCANSIZE', '5000000'); # [bytes] ! do not enter 0 or big size !
+define('HVDEF_PID_FILE', '/var/run/havp.pid');
+define('HVDEF_WORK_DIR', '/usr/local/etc/havp');
+define('HVDEF_LOG_DIR', '/var/log/havp');
+define('HVDEF_TEMP_DIR', '/var/tmp');
+define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR.'/havp');
+define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR.'/havpRAM');
+define('HVDEF_SCANTEMPFILE', '/havp-XXXXXX');
+define('HVDEF_TEMPLATES', '/usr/local/share/examples/havp/templates');
+define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex');
+define('HVDEF_FILTER_RULES', '/tmp/rules.havp');
+define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR.'/havp.config');
+define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR.'/havp_conf.xml');
+define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR.'/whitelist');
+define('HVDEF_HAVP_BLACKLIST', HVDEF_WORK_DIR.'/blacklist');
+define('HVDEF_HAVP_ACCESSLOG', HVDEF_LOG_DIR .'/access.log');
+define('HVDEF_HAVP_ERRORLOG', HVDEF_LOG_DIR .'/havp.log');
+define('HVDEF_HAVP_MINSRV', '10');
+define('HVDEF_HAVP_MAXSRV', '100');
+# Clam
+define('HVDEF_CLAM_RUNDIR', '/var/run/clamav');
+define('HVDEF_AVLOG_DIR', '/var/log/clamav');
+define('HVDEF_CLAM_SOCKET', HVDEF_CLAM_RUNDIR.'/clamd.sock');
+define('HVDEF_CLAM_PID', HVDEF_CLAM_RUNDIR.'/clamd.pid');
+define('HVDEF_CLAM_LOG', HVDEF_AVLOG_DIR . '/clamd.log');
+define('HVDEF_CLAM_WORKDIR', '/usr/local/etc');
+define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf');
+define('HVDEF_CLAM_TCPSOCKET', '3310');
+define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf');
+define('HVDEF_FRESHCLAM_LOG', HVDEF_AVLOG_DIR . '/freshclam.log');
+define('HVDEF_CLAMSCAN_LOG', '/var/log/clamscan.log');
+# script's
+define('HVDEF_SCRIPT_DIR', '/usr/local/etc/rc.d');
+define('HVDEF_AVCRON_SCRIPT', '/clamav-freshclam');
+define('HVDEF_FILTER_RESYNC_SCRIPT', '/usr/local/pkg/pf/havp_filter_resync.sh');
+define('HVDEF_HAVP_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/havp.sh');
+define('HVDEF_CLAM_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/clamd.sh');
+define('HVDEF_AVUPD_SCRIPT', HVDEF_SCRIPT_DIR . '/havp_avupdate');
+# cron
+define('HVDEF_CLAM_UPD_CRONNAME', 'havp_clam_update');
+define('HVDEF_CLAM_UPD_CRONCMD', HVDEF_SCRIPT_DIR . HVDEF_AVCRON_SCRIPT . " start");
+define('HVDEF_CLAM_UPD_CRONKEY', HVDEF_AVCRON_SCRIPT);
+# user
+define('HVDEF_USER', 'havp');
+define('HVDEF_GROUP', 'havp');
+define('HVDEF_AVUSER', HVDEF_USER);
+# fields
+define('HV_SCANTEMPFILE', 'hv_scan_tempfile');
+# ------------------------------------------------------------------------------
# XML fields
-define('XML_HAVPENABLE', 'enable');
-define('XML_HAVPLANG', 'havplang');
-define('XML_PARENTPROXY', 'parentproxy');
-define('XML_WHITELIST', 'whitelist');
-define('XML_BLACKLIST', 'blacklist');
-define('XML_PROXYIFACE', 'proxyiface');
-define('XML_PROXYPORT', 'proxyport');
-define('XML_USEEXTIFACE', 'listenextinterface');
-define('XML_XFORWARDEDFOR', 'xforwardedfor');
-define('XML_FAILSCANERROR', 'failscanerror');
-define('XML_LANGUAGE', 'lang');
-define('XML_SCANIMG', 'scanimg');
-define('XML_SCANARC', 'scanarc');
-define('XML_SCANMAXSIZE', 'scanmaxsize');
-define('XML_MAXDOWNLOADSIZE', 'maxdownloadsize');
-define('XML_SYSLOG', 'syslog');
-define('XML_HAVPUPDATE', 'havpavupdate');
-# define('','');
-
-function havp_install(){
+# ------------------------------------------------------------------------------
+define('F_ENABLE', 'enable');
+define('F_PROXYMODE', 'proxymode');
+define('F_PROXYINTERFACE', 'proxyinterface');
+define('F_PROXYBINDIFACE', 'proxybindiface'); # internal var
+define('F_PROXYPORT', 'proxyport');
+define('F_PARENTPROXY', 'parentproxy');
+define('F_LANGUAGE', 'lang');
+define('F_MAXDOWNLOADSIZE', 'maxdownloadsize');
+define('F_RANGE', 'range');
+define('F_WHITELIST', 'whitelist');
+define('F_BLACKLIST', 'blacklist');
+define('F_ENABLEFORWARDEDIP', 'enableforwardedip');
+define('F_ENABLEXFORWARDEDFOR', 'enablexforwardedfor');
+define('F_ENABLERAMDISK', 'enableramdisk');
+# scanner
+define('F_FAILSCANERROR', 'failscanerror');
+define('F_SCANMAXSIZE', 'scanmaxsize');
+define('F_SCANIMG', 'scanimg');
+define('F_SCANARC', 'scanarc');
+define('F_SCANSTREAM', 'scanstream');
+define('F_SCANARCMAXSIZE', 'scanarcmaxsize');
+# antivirus options
+define('F_HAVPUPDATE', 'havpavupdate');
+define('F_DBREGION', 'dbregion');
+define('F_AVUPDATESERVER', 'avupdateserver');
+# log
+define('F_SYSLOG', 'syslog');
+define('F_LOG', 'log');
+define('F_AVSETSYSLOG', 'avsetsyslog');
+define('F_AVSETLOG', 'avsetlog');
+#
+define('F_TEMPLATEPATH', 'templatepath'); # internal var
+# file scanner [HVFORM_FSCAN]
+define('F_SCANFILEPATH', 'scanfilepath');
+# ïîêà íåïîíÿòíî ÷òî ýòî è ÷òî ñ íèì äåëàòü
+define('F_DISABLEXFORWARD', 'disablexforward'); # + forwarded ip
+define('F_FORWARDEDIP', 'forwardedip');
+
+# ------------------------------------------------------------------------------
+# global config
+# ------------------------------------------------------------------------------
+$havp_config = array();
+$havp_config[HV_SCANTEMPFILE] = HVDEF_HAVPTEMP_DIR . HVDEF_SCANTEMPFILE;
+
+# ------------------------------------------------------------------------------
+# Initialization
+# ------------------------------------------------------------------------------
+havp_convert_pfxml_xml();
+
+# ==============================================================================
+# Installation and config
+# ==============================================================================
+function havp_install()
+{
+ havp_fix();
havp_check_system();
}
-
-function havp_deinstall() {
- havp_setup_cron(HV_CRONNAME_AVUPD,"", "");
- mwexec("rm -rf " . HV_AVUPD_SCRIPT);
- mwexec("rm -rf " . HV_PIDFILE);
+# ------------------------------------------------------------------------------
+function havp_deinstall()
+{
+ havp_setup_cron(HVDEF_CLAM_UPD_CRONNAME,"", "");
+ mwexec("killall -9 havp");
+ mwexec("rm -rf " . HVDEF_HAVP_STARTUP_SCRIPT);
+ mwexec("rm -rf " . HVDEF_FILTER_RESYNC_SCRIPT);
+ mwexec("rm -rf " . HVDEF_PID_FILE);
+# mwexec("rm -rf " . HVDEF_CLAM_STARTUP_SCRIPT);
+# mwexec("rm -rf " . HVDEF_AVUPD_SCRIPT);
+# mwexec("rm -rf " . HVDEF_CLAM_PID);
+# mwexec("rm -rf " . HVDEF_CLAM_SOCKET);
+ umountRAMDisk();
+}
+# ==============================================================================
+# Events
+# ==============================================================================
+# before form
+# ------------------------------------------------------------------------------
+function havp_before_form($pkg)
+{
+}
+# ------------------------------------------------------------------------------
+function havp_fscan_before_form($pkg)
+{
+ if(is_array($pkg['fields']['field'])) {
+ foreach($pkg['fields']['field'] as $key => $field) {
+ if ($field['fieldname'] === F_SCANFILEPATH) {
+ $pkg['fields']['field'][$key]['description'] .= havp_fscan_html();
+ break;
+ }
+ }
+ }
}
+# ------------------------------------------------------------------------------
+# validation
+# ------------------------------------------------------------------------------
+function havp_validate_settings($post, $input_errors)
+{
+ $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
-function havp_resync() {
- global $config;
- $pfconf = $config['installedpackages']['havp']['config'][0];
+ # manual update AV database
+ if ($submit === 'Update_AV') {
+ havp_update_AV();
+ }
+ # Scan file or dir
+ elseif($submit === 'Start_scan') {
+ if (file_exists($post[F_SCANFILEPATH]))
+ start_antivirus_scanner($post[F_SCANFILEPATH]);
+ else $input_errors[] = "File or path not exists '{$post[F_SCANFILEPATH]}'.";
+ }
+ else {
+ # port validate
+ $prxport = trim($post[F_PROXYPORT]);
+ if (!empty($prxport) && !is_port($prxport))
+ $input_errors[] = 'You must enter a valid port number in the \'Proxy port\' field';
+
+ # parent proxy validate
+ $parent = trim($post[F_PARENT]);
+
+ # max download size validate
+ $maxval = trim($post[F_MAXDOWNLOADSIZE]);
+ if (!empty($maxval) && !is_numericint($maxval)) # is_port - validate value
+ $input_errors[] = 'You must enter a valid numeric value in \'Max download size\' field.';
+
+ # scan max file size validate
+ $maxval = trim($post[F_SCANMAXSIZE]);
+ if (!empty($maxval) && !is_numericint($maxval)) # is_port - validate value
+ $input_errors[] = 'You must enter a valid numeric value in \'Scan max file size\' field.';
+
+ # whitelist validate
+ $lst = explode("\n", str_replace(" ", "\n", $post[F_WHITELIST]));
+ foreach ($lst as $dm) {
+ $dm = trim($dm);
+ if ($dm && check_bw_domain($dm) === false)
+ $input_errors[] = "Invalid whitelist element '$dm'.";
+ }
+ # blacklist validate
+ $lst = explode("\n", str_replace(" ", "\n", $post[F_BLACKLIST]));
+ foreach ($lst as $dm) {
+ $dm = trim($dm);
+ if ($dm && check_bw_domain($dm) === false)
+ $input_errors[] = "Invalid blacklist element '$dm'.";
+ }
+ }
+
+}
+# ------------------------------------------------------------------------------
+# resync
+# ------------------------------------------------------------------------------
+function havp_resync()
+{
+ global $havp_config;
+
+ havp_convert_pfxml_xml();
havp_check_system();
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# whitelist and blacklist
- # also white-listed:
- $whitelist = havp_whitelist_def() . "\n" . str_replace(" ", "\n", base64_decode($pfconf[XML_WHITELIST]));
- $blacklist = str_replace(" ", "\n", base64_decode($pfconf[XML_BLACKLIST]));
- # stupid havp parser - error on 0x0D:
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # also white-listed by default:
+ $whitelist = havp_whitelist_def() . "\n" . str_replace(" ", "\n", base64_decode($havp_config[F_WHITELIST]));
+ $blacklist = str_replace(" ", "\n", base64_decode($havp_config[F_BLACKLIST]));
+ # fix: stupid havp parser - error on 0x0D:
$whitelist = str_replace("\r", "", $whitelist);
$blacklist = str_replace("\r", "", $blacklist);
- file_put_contents(HV_WORKDIR . HV_WHITELISTFILE, $whitelist);
- file_put_contents(HV_WORKDIR . HV_BLACKLISTFILE, $blacklist);
+ file_put_contents(HVDEF_HAVP_WHITELIST, $whitelist);
+ file_put_contents(HVDEF_HAVP_BLACKLIST, $blacklist);
- # config havp
- file_put_contents(HV_WORKDIR . HV_CONFIGFILE, havp_config());
- set_file_access(HV_WORKDIR, HV_USER, '0755');
+ # reconfigure clamd
+ havp_reconfigure_clamd();
- # config freshclam
- file_put_contents(HV_FRESHCLAM_CONFIGFILE, havp_config_freshclam());
- set_file_access(HV_FRESHCLAM_CONFIGFILE, HV_AV_USER, '0664');
+ # config havp
+ file_put_contents (HVDEF_HAVP_CONFIG, havp_config_havp());
+ havp_set_file_access(HVDEF_WORK_DIR, HVDEF_USER, '0755');
- # cron task
- $on = false;
- $opt = array("0", "*", "*", "*", "*", "root", "/usr/bin/nice -n20 " . HV_AVUPD_SCRIPT);
- switch($pfconf['havpavupdate']) {
- case 'none': $on = false; break;
- case 'hv_01h': $on = true; $opt[1]= "*/1"; break;
- case 'hv_02h': $on = true; $opt[1]= "*/2"; break;
- case 'hv_03h': $on = true; $opt[1]= "*/3"; break;
- case 'hv_04h': $on = true; $opt[1]= "*/4"; break;
- case 'hv_06h': $on = true; $opt[1]= "*/6"; break;
- case 'hv_08h': $on = true; $opt[1]= "*/8"; break;
- case 'hv_12h': $on = true; $opt[1]= "*/12"; break;
- case 'hv_24h': $on = true; $opt[1]= "0"; break;
- default: break;
- }
- havp_setup_cron(HV_CRONNAME_AVUPD, $opt, $on);
+ if ($havp_config[F_ENABLE] === 'true') {
+ mwexec_bg(HVDEF_HAVP_STARTUP_SCRIPT . " restart");
+ log_error("Starting HAVP");
+ }
+ else {
+ mwexec_bg(HVDEF_HAVP_STARTUP_SCRIPT . " stop");
+ log_error("Stopping HAVP");
+ }
- mwexec("killall havp");
- mwexec("killall havp");
- mwexec("/usr/local/sbin/havp -c /usr/local/etc/havp" . HV_CONFIGFILE);
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # reconfigure squid
+ havp_configure_squid();
-mountRAMdisk();
+ # reconfigure AV parts
+ havp_reconfigure_freshclam();
+ havp_reconfigure_cron();
+ # configure system filter
+ filter_configure();
}
-
-function havp_check_system() {
+# ------------------------------------------------------------------------------
+function havp_avset_resync()
+{
+ havp_convert_pfxml_xml();
+ havp_check_system();
+ # reconfigure
+ havp_reconfigure_freshclam();
+ havp_reconfigure_cron();
+}
+# ==============================================================================
+# check system
+# ==============================================================================
+function havp_check_system()
+{
+ global $havp_config;
# workdir permissions
- set_file_access(HV_WORKDIR, HV_USER, '');
+ havp_set_file_access(HVDEF_WORK_DIR, HVDEF_USER, '');
- # tempdir
- if (!file_exists(HV_HAVPTEMPDIR)) mwexec("mkdir -p " . HV_HAVPTEMPDIR);
- set_file_access(HV_HAVPTEMPDIR, HV_USER, '');
+ # havp tempdir
+ if (!file_exists(HVDEF_HAVPTEMP_DIR))
+ mwexec("mkdir -p " . HVDEF_HAVPTEMP_DIR);
+ havp_set_file_access(HVDEF_HAVPTEMP_DIR, HVDEF_USER, '');
+
+ # RAM tempdir
+ if (!file_exists(HVDEF_RAMTEMP_DIR))
+ mwexec("mkdir -p " . HVDEF_RAMTEMP_DIR);
+ havp_set_file_access(HVDEF_RAMTEMP_DIR, HVDEF_USER, '');
# template permissions
- set_file_access(HV_TEMPLATEPATH, HV_USER, '');
+ havp_set_file_access(HVDEF_TEMPLATES, HVDEF_USER, '');
+ havp_set_file_access(HVDEF_TEMPLATES_EX, HVDEF_USER, '');
# log files exists ?
- if (!file_exists(HV_LOGDIR . HV_ACCESSLOG)) file_put_contents(HV_LOGDIR . HV_ACCESSLOG, '');
- if (!file_exists(HV_LOGDIR . HV_LOG)) file_put_contents(HV_LOGDIR . HV_LOG, '');
+ if (!file_exists(HVDEF_HAVP_ACCESSLOG)) file_put_contents(HVDEF_HAVP_ACCESSLOG, '');
+ if (!file_exists(HVDEF_HAVP_ERRORLOG)) file_put_contents(HVDEF_HAVP_ERRORLOG, '');
# log dir permissions
- set_file_access(HV_LOGDIR, HV_USER, '0764');
+ havp_set_file_access(HVDEF_LOG_DIR, HVDEF_USER, '0764');
# pid file
- if (!file_exists(HV_PIDFILE)) file_put_contents(HV_PIDFILE, '');
- set_file_access(HV_PIDFILE, HV_USER, '0664');
+ if (!file_exists(HVDEF_PID_FILE)) file_put_contents(HVDEF_PID_FILE, '');
+ havp_set_file_access(HVDEF_PID_FILE, HVDEF_USER, '0664');
# freshclam config permissions
- if (!file_exists(HV_FRESHCLAM_CONFIGFILE)) file_put_contents(HV_FRESHCLAM_CONFIGFILE, '');
- set_file_access(HV_FRESHCLAM_CONFIGFILE, HV_AV_USER, '0664');
+ if (!file_exists(HVDEF_FRESHCLAM_CONF)) file_put_contents(HVDEF_FRESHCLAM_CONF, '');
+ havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664');
# log files exists ?
- if (!file_exists(HV_AVLOGDIR . '/clamd.log')) file_put_contents(HV_AVLOGDIR . '/clamd.log', '');
- if (!file_exists(HV_AVLOGDIR . '/freshclam.log')) file_put_contents(HV_AVLOGDIR . '/freshclam.log', '');
+ if (!file_exists(HVDEF_CLAM_LOG)) file_put_contents(HVDEF_CLAM_LOG, '');
+ if (!file_exists(HVDEF_FRESHCLAM_LOG)) file_put_contents(HVDEF_FRESHCLAM_LOG, '');
# log dir permissions
- set_file_access(HV_AVLOGDIR, HV_USER, '0777');
+ havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777');
- # checking dir's and permissions
- # "DatabaseDirectory /var/db/clamav";
- # "UpdateLogFile /var/log/clamav/freshclam.log";
+ # =-= ClamAV =-=
+ # catalog for Pid and Socket files
+ if (!file_exists(HVDEF_CLAM_RUNDIR))
+ mwexec("mkdir -p " . HVDEF_CLAM_RUNDIR);
+ havp_set_file_access(HVDEF_CLAM_RUNDIR, HVDEF_USER, '0774');
# AV update script
- file_put_contents(HV_AVUPD_SCRIPT, havp_AVupdate_script());
- set_file_access(HV_AVUPD_SCRIPT, HV_AV_USER, '0755');
-}
+ file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script());
+ havp_set_file_access(HVDEF_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
-function havp_validate_settings($post, $input_errors) {
- $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
+ # startup script's (havp and clamd)
+ havp_startup_script();
+ hv_clamd_startup_script();
- # manual update AV database
- if ($submit === 'Update_AV')
- havp_update_AV();
- else {
- $prxport = trim($post[XML_PROXYPORT]);
- if (!empty($prxport) && !is_port($prxport))
- $input_errors[] = 'You must enter a valid port number in the \'Proxy port\' field';
+ # havp filter script
+ if (1 /*!file_exists(HVDEF_FILTER_RESYNC_SCRIPT)*/) {
+ file_put_contents(HVDEF_FILTER_RESYNC_SCRIPT, havp_filter_resync_script());
+ havp_set_file_access(HVDEF_FILTER_RESYNC_SCRIPT, HVDEF_AVUSER, '0755');
+ }
- # check whitelist
- $lst = explode("\n", str_replace(" ", "\n", $post[XML_WHITELIST]));
- foreach ($lst as $dm) {
- $dm = trim($dm);
- if ($dm && check_bw_domain($dm) === false)
- $input_errors[] = "Invalid whitelist element '$dm'.";
- }
+ # mount RAMDisk
+ mountRAMdisk(true);
+}
+# ==============================================================================
+# Reconfigure package parts
+# ==============================================================================
+function havp_reconfigure_clamd()
+{
+ file_put_contents (HVDEF_CLAM_CONFIG, havp_config_clam());
+ havp_set_file_access(HVDEF_CLAM_CONFIG, HVDEF_USER, '0664');
+}
+# ------------------------------------------------------------------------------
+function havp_reconfigure_freshclam()
+{
+ # config freshclam
+ file_put_contents (HVDEF_FRESHCLAM_CONF, havp_config_freshclam());
+ havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_USER, '0664');
+}
+# ------------------------------------------------------------------------------
+function havp_reconfigure_cron()
+{
+ global $havp_config;
- # check blacklist
- $lst = explode("\n", str_replace(" ", "\n", $post[XML_BLACKLIST]));
- foreach ($lst as $dm) {
- $dm = trim($dm);
- if ($dm && check_bw_domain($dm) === false)
- $input_errors[] = "Invalid blacklist element '$dm'.";
+ # cron task
+ $on = false;
+ $optval = array("", "*/1", "*/2", "*/3", "*/4", "*/6", "*/8", "*/12", "0");
+ $opt = array("0", "*", "*", "*", "*", "root", "/usr/bin/nice -n20 " . HVDEF_AVUPD_SCRIPT);
+ $opt[1] = $optval[$havp_config[F_HAVPUPDATE]];
+ $on = ($opt[1] !== "");
+
+ havp_setup_cron(HVDEF_CLAM_UPD_CRONNAME, $opt, $on);
+}
+# ------------------------------------------------------------------------------
+# Convert conf to XML
+# ------------------------------------------------------------------------------
+function havp_convert_pfxml_xml()
+{
+ global $config, $havp_config;
+
+ $pfconf = $config['installedpackages'][HVFORM_HAVP]['config'][0];
+
+ # === GUI Fields ===
+ $havp_config[F_ENABLE] = ( $pfconf[F_ENABLE] === 'on' ? 'true' : 'false' );
+
+ # proxy
+ $havp_config[F_PROXYMODE] = ( !empty($pfconf[F_PROXYMODE]) ? $pfconf[F_PROXYMODE] : 'standard' );
+# ToDo: add check squid transparent
+ $havp_config[F_PROXYINTERFACE] = $pfconf[F_PROXYINTERFACE];
+ $havp_config[F_PROXYPORT] = ( !empty($pfconf[F_PROXYPORT]) ? $pfconf[F_PROXYPORT] : HVDEF_PROXYPORT );
+# ToDo: add check squid proxy port
+
+ # parent proxy
+ # [F_PARENTPROXY] = "proxy_ip:port"
+ $pfconf[F_PARENTPROXY] = trim($pfconf[F_PARENTPROXY]);
+ if (!empty($pfconf[F_PARENTPROXY])) {
+ $parent = explode(":", trim($pfconf[F_PARENTPROXY]));
+ $havp_config[F_PARENTPROXY] = array( 'ip' => $parent[0], 'port' => $parent[1] );
+ }
+ else $havp_config[F_PARENTPROXY] = '';
+
+ # language
+ $havp_config[F_LANGUAGE] = trim($pfconf[F_LANGUAGE]);
+
+ # proxy settings
+ $havp_config[F_ENABLEFORWARDEDIP] = ( $pfconf[F_ENABLEFORWARDEDIP] === 'on' ? 'true' : 'false' );
+ $havp_config[F_ENABLEXFORWARDEDFOR] = ( $pfconf[F_ENABLEXFORWARDEDFOR] === 'on' ? 'true' : 'false' );
+ $havp_config[F_MAXDOWNLOADSIZE] = ( is_numeric($pfconf[F_MAXDOWNLOADSIZE]) ? $pfconf[F_MAXDOWNLOADSIZE] : 0 );
+ $havp_config[F_RANGE] = ( $pfconf[F_RANGE] === 'on' ? 'true' : 'false' );
+ $havp_config[F_ENABLERAMDISK] = ( $pfconf[F_ENABLERAMDISK] === 'on' ? 'true' : 'false' );
+
+ # =-= Temp RAMDisk =-=
+ # use RAMDisk if only capacity > calculated [MAXSCANSIZE * 50 connections]
+ # =-=
+ # before config manage Temp Dir = RAMDisk|Hard Disk
+ $havp_config[HV_SCANTEMPFILE] = HVDEF_HAVPTEMP_DIR . HVDEF_SCANTEMPFILE;
+ if ($havp_config[F_ENABLERAMDISK] === 'true') {
+ $sys_capacity = get_memory();
+ $mem_capacity = intval($sys_capacity[0]) / 4; # [Mb]
+ $calculated = 50 * $havp_config[F_SCANMAXSIZE] / (1024 * 1024); # [Mb]
+
+ # this is restriction need for balancing between pfSense and HAVP work speed
+ # we can not allocate memory at the expense of other services of the pfSense
+ if ($mem_capacity > $calculated) {
+ # re-define temp file to RAM Disk
+ $havp_config[HV_SCANTEMPFILE] = HVDEF_RAMTEMP_DIR . HVDEF_SCANTEMPFILE;
}
+ else
+ log_error("havp: RAMDisk not used. Diagnostic: system {$sys_capacity[0]}Mb, avialable {$mem_capacity}Mb, calculated {$calculated}Mb. Try reducing 'MAXSCANSIZE' value.");
}
+ # scanner
+ $havp_config[F_FAILSCANERROR] = ( $pfconf[F_FAILSCANERROR] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANMAXSIZE] = ( is_numeric($pfconf[F_SCANMAXSIZE]) ? $pfconf[F_SCANMAXSIZE] : HVDEF_MAXSCANSIZE ) * 1024; # KB -> Byte
+ $havp_config[F_SCANIMG] = ( $pfconf[F_SCANIMG] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANARC] = ( $pfconf[F_SCANARC] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANSTREAM] = ( $pfconf[F_SCANSTREAM] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANARCMAXSIZE] = ( is_numeric($pfconf[F_SCANARCMAXSIZE]) ? $pfconf[F_SCANARCMAXSIZE] : HVDEF_MAXARCSCANSIZE );
+ # log
+ $havp_config[F_SYSLOG] = ( $pfconf[F_SYSLOG] === 'on' ? 'true' : 'false' );
+ $havp_config[F_LOG] = ( $pfconf[F_LOG] === 'on' ? 'true' : 'false' );
+ $havp_config[F_AVSETSYSLOG] = ( $pfconf[F_AVSETSYSLOG] === 'on' ? 'true' : 'false' );
+ $havp_config[F_AVSETLOG] = ( $pfconf[F_AVSETLOG] === 'on' ? 'true' : 'false' );
+ #
+ # =-= Internal variables =-=
+ # proxy
+ $havp_config[F_PROXYBINDIFACE] = 'localhost';
+ # language template files path
+ $havp_config[F_TEMPLATEPATH] = ( file_exists(HVDEF_TEMPLATES_EX) ? HVDEF_TEMPLATES_EX : HVDEF_TEMPLATES );
+ $havp_config[F_TEMPLATEPATH] .= ( !empty($havp_config[F_LANGUAGE]) ? "/{$havp_config[F_LANGUAGE]}" : "/en" );
+ #
+ # =-= HVFORM_AVSET =-=
+ # av settings
+ $pf_avset_conf = $config['installedpackages'][HVFORM_AVSET]['config'][0];
+ $havp_config[F_HAVPUPDATE] = $pf_avset_conf[F_HAVPUPDATE];
+ $havp_config[F_DBREGION] = $pf_avset_conf[F_DBREGION];
+ $havp_config[F_AVUPDATESERVER] = $pf_avset_conf[F_AVUPDATESERVER];
+ #
+ # store havp config cache
+ $cfg_xml = dump_xml_config($havp_config, 'havp');
+ file_put_contents(HVDEF_HAVP_XMLCONF, $cfg_xml);
+ return $havp_config;
}
+# ------------------------------------------------------------------------------
+# config
+# ------------------------------------------------------------------------------
+# HAVP config
+function havp_config_havp()
+{
+ global $havp_config;
-function havp_config() {
- global $config;
- $pfconf = $config['installedpackages']['havp']['config'][0];
$conf = array();
-
$conf[] =
"# ============================================================
# HAVP config file
@@ -226,171 +529,250 @@ function havp_config() {
# email: dv_serg@mail.ru
# ============================================================
";
-
- $conf[] = "USER " . HV_USER;
- $conf[] = "GROUP " . HV_USER;
- $conf[] = "DAEMON true";
- $conf[] = "PIDFILE " . HV_PIDFILE;
- $conf[] = "\n# For single user home use, 8 should be minimum.";
+ $conf[] = "USER " . HVDEF_USER;
+ $conf[] = "GROUP " . HVDEF_GROUP;
+ $conf[] = "DAEMON true";
+ $conf[] = "PIDFILE " . HVDEF_PID_FILE;
+ $conf[] = "\n# For small home use, 8 should be minimum.";
$conf[] = "# For 500 users corporate use, start at 40.";
- $conf[] = "SERVERNUMBER 3";
- $conf[] = "MAXSERVERS 100";
-
+ $conf[] = "SERVERNUMBER " . HVDEF_HAVP_MINSRV;
+ $conf[] = "MAXSERVERS " . HVDEF_HAVP_MAXSRV;
# log
$conf[] = "\n# log ";
- $conf[] = "ACCESSLOG " . HV_LOGDIR . HV_ACCESSLOG;
- $conf[] = "ERRORLOG " . HV_LOGDIR . HV_LOG;
+ $conf[] = "ACCESSLOG " . HVDEF_HAVP_ACCESSLOG;
+ $conf[] = "ERRORLOG " . HVDEF_HAVP_ERRORLOG;
# syslog
- $syslog = ($pfconf[XML_SYSLOG] === 'on') ? 'true' : 'false';
$conf[] = "\n# syslog";
- $conf[] = "USESYSLOG $syslog"; # use syslog?
- $conf[] = "SYSLOGNAME havp";
+ $conf[] = "USESYSLOG {$havp_config[F_SYSLOG]}";
+ $conf[] = "SYSLOGNAME havp";
$conf[] = "SYSLOGFACILITY daemon";
- $conf[] = "SYSLOGLEVEL info";
+ $conf[] = "SYSLOGLEVEL " . (HV_DEBUG === 'true' ? "debug" : "info"); # err | warning | info | debug
#
$conf[] = "\n# Level of HAVP logging\n# 0 = Only serious errors and information\n# 1 = Less interesting information is included";
- $conf[] = "LOG_OKS true"; # true - for debug, false - for work
- $conf[] = "LOGLEVEL 1"; # 0 - work level, 1 - debug level
-
+ $conf[] = "LOG_OKS " . ( HV_DEBUG === 'true' ? "true" : "false" ); # true - for debug, false - for work
+ $conf[] = "LOGLEVEL 1"; # . ( HV_DEBUG === 'true' ? "1" : "0" ); # 0 - work level, 1 - debug level
# temp
$conf[] = "\n# temp ";
- $conf[] = "SCANTEMPFILE " . HV_TEMPDIR . HV_SCANTEMPFILE;
- $conf[] = "TEMPDIR " . HV_TEMPDIR;
-
+ $conf[] = "SCANTEMPFILE " . $havp_config[HV_SCANTEMPFILE];
+ $conf[] = "TEMPDIR " . HVDEF_TEMP_DIR;
+ #
$conf[] = "\n#";
- $conf[] = "DBRELOAD 180";
- $conf[] = "TRANSPARENT false";
- $conf[] = "FORWARDED_IP false";
-
- # X-FORWARD
- $conf[] = "\n# X-FORWARD: proxy can include system's IP address or name in the HTTP requests it forwards";
- $v = ($pfconf[XML_XFORWARDEDFOR] === 'on') ? "true" : "false";
- $conf[] = "X_FORWARDED_FOR $v";
-
+ $conf[] = "DBRELOAD 180";
+ $conf[] = "TRANSPARENT " . ( $havp_config[F_PROXYMODE] === 'transparent' ? "true" : "false" );
+ # X-FORWARD, X-FORWARDED-FOR options
+ $conf[] = "\n# if HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.";
+ $conf[] = "FORWARDED_IP " . $havp_config[F_ENABLEFORWARDEDIP];
+ $conf[] = "X_FORWARDED_FOR " . $havp_config[F_ENABLEXFORWARDEDFOR];
# parent proxy = [proxy:port]
- if (!empty($pfconf[XML_PARENTPROXY])) {
- $prxy = str_replace(" ", ":", $pfconf[XML_PARENTPROXY]);
- $prxy = explode(":", $prxy);
+ if (!empty($havp_config[F_PARENTPROXY])) {
$conf[] = "\n# parent proxy ";
- $conf[] = "PARENTPROXY {$prxy[0]}";
- $conf[] = "PARENTPORT {$prxy[1]}";
+ $conf[] = "PARENTPROXY {$havp_config[F_PARENTPROXY]['ip']}";
+ $conf[] = "PARENTPORT {$havp_config[F_PARENTPROXY]['port']}";
}
-
# proxy listening on
$conf[] = "\n# havp is listening on ";
- $pxyport = HV_DEFAULTPORT;
- $pxyaddr = HV_DEFAULTADDR;
- if (!empty($pfconf[XML_PROXYPORT])) $pxyport = $pfconf[XML_PROXYPORT];
- if ($pfconf[XML_USEEXTIFACE] === 'on' && !empty($pfconf[XML_PROXYIFACE])) {
- $pxyaddr = get_real_interface_address($pfconf[XML_PROXYIFACE]);
- $pxyaddr = $pxyaddr[0];
- }
- $conf[] = "PORT $pxyport";
- $conf[] = "BIND_ADDRESS $pxyaddr";
-
+ $conf[] = "PORT {$havp_config[F_PROXYPORT]}";
+ # bind to ip address
+ $bind_iface = get_real_interface_address($havp_config[F_PROXYBINDIFACE]);
+ $conf[] = "BIND_ADDRESS {$bind_iface[0]}";
# template files language
$conf[] = "\n# Path to template files ";
- if (!empty($pfconf[XML_LANGUAGE]))
- $conf[] = "TEMPLATEPATH " . HV_TEMPLATEPATH . "/" . trim($pfconf[XML_LANGUAGE]);
- else $conf[] = "TEMPLATEPATH " . HV_TEMPLATEPATH . "/en";
-
+ $conf[] = "TEMPLATEPATH {$havp_config[F_TEMPLATEPATH]}";
+ #
$conf[] = "\n# whitelist and blacklist";
$conf[] = "WHITELISTFIRST true";
- $conf[] = "WHITELIST /usr/local/etc/havp" . HV_WHITELISTFILE;
- $conf[] = "BLACKLIST /usr/local/etc/havp" . HV_BLACKLISTFILE;
-
+ $conf[] = "WHITELIST " . HVDEF_HAVP_WHITELIST;
+ $conf[] = "BLACKLIST " . HVDEF_HAVP_BLACKLIST;
# failscanerror - pass/block files if scanner error
$conf[] = "\n# block file if error scanning";
- $v = ($pfconf[XML_FAILSCANERROR] === 'on') ? "true" : "false";
- $conf[] = "FAILSCANERROR $v";
-
+ $conf[] = "FAILSCANERROR {$havp_config[F_FAILSCANERROR]}";
+ #
$conf[] = "\n# scanner ";
$conf[] = "SCANNERTIMEOUT 10";
- $conf[] = "RANGE false";
-
- $conf[] = "\n# stream";
- $conf[] = "STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS";
- $conf[] = "STREAMSCANSIZE 20000";
-
- # scan image
- $v = ($pfconf[XML_SCANIMG] === 'on') ? "true" : "false";
- $conf[] = "SCANIMAGES $v";
-
- $val = (!empty($pfconf[XML_SCANMAXSIZE]) && is_numeric($pfconf[XML_SCANMAXSIZE])) ? $pfconf[XML_SCANMAXSIZE] : 0;
- $conf[] = "MAXSCANSIZE $v";
-
- $conf[] = "# KEEPBACKBUFFER 200000";
- $conf[] = "# KEEPBACKTIME 5";
+ #
+ if ($havp_config[F_SCANSTREAM] === 'true') {
+ #
+ $conf[] = "\n# always allow range, if stream scan enabled";
+ $conf[] = "RANGE true";
+ $conf[] = "\n# stream scan enabled";
+ $conf[] = "STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS";
+ $conf[] = "STREAMSCANSIZE 2000";
+ }
+ else {
+ # renew downloads ?
+ $conf[] = "RANGE {$havp_config[F_RANGE]}";
+ $conf[] = "\n# stream scan disabled";
+ $conf[] = "STREAMSCANSIZE 0";
+ }
+ # scan options
+ $conf[] = "SCANIMAGES {$havp_config[F_SCANIMG]}";
+ $conf[] = "MAXSCANSIZE {$havp_config[F_SCANMAXSIZE]}";
+ #
+ $conf[] = "KEEPBACKBUFFER 200000";
+ $conf[] = "KEEPBACKTIME 5";
+ #
$conf[] = "# After Trickling Time (seconds), some bytes are sent to browser to keep the connection alive";
- $conf[] = "TRICKLING 30";
-
+ $conf[] = "TRICKLING 10";
+ $conf[] = "TRICKLINGBYTES 1";
+ #
$conf[] = "# Downloads larger than MAXDOWNLOADSIZE will be blocked.";
- $val = (!empty($pfconf[XML_DOWNLOADMAXSIZE]) && is_numeric($pfconf[XML_DOWNLOADMAXSIZE])) ? $pfconf[XML_DOWNLOADMAXSIZE] : 0;
- $conf[] = "MAXDOWNLOADSIZE $val";
-
+ $conf[] = "MAXDOWNLOADSIZE {$havp_config[F_MAXDOWNLOADSIZE]}";
+ #
$conf[] = "\n# ClamAV Library Scanner (libclamav) ";
- $conf[] = "ENABLECLAMLIB true";
- $conf[] = "# Should we block encrypted archives?";
- $conf[] = "# CLAMBLOCKENCRYPTED false";
- $conf[] = "# Should we block files that go over maximum archive limits?";
- $conf[] = "# CLAMBLOCKMAX false";
- $conf[] = "# Scanning limits inside archives (filesize = MB):";
- $conf[] = "# CLAMMAXFILES 1000";
- $conf[] = "# CLAMMAXFILESIZE 10";
- $conf[] = "# CLAMMAXRECURSION 8";
- $conf[] = "# CLAMMAXRATIO 250";
-
+ $conf[] = "ENABLECLAMLIB " . (HV_USE_CLAMD !== 'true' ? "true" : "false");
+ # use clamd, if configured
+ if (HV_USE_CLAMD === 'true') {
+ $conf[] = "\n# Clamd scanner (Clam daemon)";
+ $conf[] = "ENABLECLAMD true";
+ # clamd socket
+ if (HV_CLAMD_TCPSOCKET === 'true') {
+ $conf[] = "CLAMDSERVER 127.0.0.1";
+ $conf[] = "CLAMDPORT " . HVDEF_CLAM_TCPSOCKET;
+ }
+ else $conf[] = "CLAMDSOCKET " . HVDEF_CLAM_SOCKET;
+ }
$conf[] = "";
return implode("\n", $conf);
}
+# ------------------------------------------------------------------------------
+# Clamd config
+# ------------------------------------------------------------------------------
+function havp_config_clam()
+{
+ global $havp_config;
+ $conf = array();
+ $conf[] =
+"# ==============================================================================
+# CLAMD config file
+# This file generated automaticly with HAVP configurator (part of pfSense)
+# (C)2008 Serg Dvoriancev
+# email: dv_serg@mail.ru
+# ==============================================================================
+";
+ $conf[] = "# log";
+ $conf[] = "LogFile " . HVDEF_CLAM_LOG;
+ $conf[] = "LogFileUnlock yes";
+ $conf[] = "LogFileMaxSize 1M";
+ $conf[] = "LogTime yes";
+ $conf[] = "LogClean no";
+ $conf[] = "LogSyslog yes"; # todo - íàñòðîéêè Ãóÿ
+ $conf[] = "LogFacility LOG_LOCAL6";
+ $conf[] = "LogVerbose no";
+ #
+ $conf[] = "\n# sysdirs";
+ $conf[] = "PidFile " . HVDEF_CLAM_PID;
+ $conf[] = "TemporaryDirectory " . HVDEF_TEMP_DIR;
+ $conf[] = "DatabaseDirectory /var/db/clamav";
+ #
+ $conf[] = "\n# socket";
+ $conf[] = "LocalSocket " . HVDEF_CLAM_SOCKET;
+ $conf[] = "FixStaleSocket yes";
+ #
+ if (HV_CLAMD_TCPSOCKET === 'true') {
+ $conf[] = "TCPAddr 127.0.0.1";
+ $conf[] = "TCPSocket " . HVDEF_CLAM_TCPSOCKET;
+ }
+ $conf[] = "MaxConnectionQueueLength 30";
+ #
+ $conf[] = "\n# daemon";
+ $conf[] = "MaxThreads 100";
+ #
+ $conf[] = "\n# scanner";
+ $conf[] = "MaxDirectoryRecursion 255";
+ $conf[] = "FollowDirectorySymlinks no"; # not need scan symbol links dirs
+ $conf[] = "FollowFileSymlinks yes";
+ $conf[] = "# perform a database check.(sec) [3600 sec = 60 min]";
+ $conf[] = "SelfCheck 3600";
+ $conf[] = "# detect possibly unwanted applications.";
+ $conf[] = "DetectPUA no"; # possible unwanted applications
+ $conf[] = "AlgorithmicDetection yes";
+ $conf[] = "# executable";
+ $conf[] = "ScanPE yes";
+ $conf[] = "ScanELF yes";
+ $conf[] = "DetectBrokenExecutables yes";
+ $conf[] = "# documents";
+ $conf[] = "ScanOLE2 yes";
+ $conf[] = "ScanPDF yes";
+ $conf[] = "# email";
+ $conf[] = "ScanMail yes";
+ $conf[] = "MailFollowURLs no";
+ $conf[] = "PhishingSignatures yes";
+ $conf[] = "PhishingScanURLs yes";
+ $conf[] = "PhishingAlwaysBlockSSLMismatch no";
+ $conf[] = "PhishingAlwaysBlockCloak no";
+ $conf[] = "# html";
+ $conf[] = "ScanHTML yes";
+ $conf[] = "# archives";
+ $conf[] = "ScanArchive yes";
+ $conf[] = "ArchiveLimitMemoryUsage no";
+ $conf[] = "ArchiveBlockEncrypted no";
+ $conf[] = "# limits";
+ $conf[] = "MaxScanSize 50M";
+ $conf[] = "MaxFileSize 30M";
+ $conf[] = "MaxRecursion 255";
+ $conf[] = "MaxFiles 10000";
+ #
+ $conf[] = "\n# system";
+ $conf[] = "User root"; # . HVDEF_USER; # mast have full access to files for scan
+ $conf[] = "AllowSupplementaryGroups yes";
+ $conf[] = "Debug " . (HV_DEBUG === 'true' ? "yes" : "no");
+ #
+ $conf[] = "";
+ return implode("\n", $conf);
+}
+# ------------------------------------------------------------------------------
+# FreshClamAV config
+# ------------------------------------------------------------------------------
function havp_config_freshclam()
{
- global $config;
- $pfconf = $config['installedpackages']['havp']['config'][0];
+ global $havp_config;
+ $pfconf = $havp_config;
$conf = array();
$conf[] =
-"# ============================================================
+"# ==============================================================================
# freshclam(HAVP) config file
# This file generated automaticly with HAVP configurator (part of pfSense)
# (C)2008 Serg Dvoriancev
# email: dv_serg@mail.ru
-# ============================================================
+# ==============================================================================
";
$conf[] = "DatabaseDirectory /var/db/clamav";
-# --
-# disable log to file while error not solved:
-# "ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)."
-# --
-# $conf[] = "UpdateLogFile /var/log/clamav/freshclam.log";
- if ($pfconf[XML_SYSLOG] === 'on') {
+ # log
+ $conf[] = "UpdateLogFile " . HVDEF_FRESHCLAM_LOG;
+ $conf[] = "LogFileMaxSize 10M";
+ $conf[] = "LogTime yes";
+ $conf[] = "LogVerbose yes";
+
+ # Syslog
+ if ($pfconf[F_AVSETSYSLOG] === 'true') {
$conf[] = "\n# syslog";
- $conf[] = "LogSyslog yes";
- $conf[] = "LogFacility LOG_LOCAL6"; # LOG_LOCAL6 | LOG_MAIL
+ $conf[] = "LogSyslog yes";
+ $conf[] = "LogFacility LOG_LOCAL6"; # LOG_LOCAL6 | LOG_MAIL
}
$conf[] = "\n# pid";
$conf[] = "PidFile /var/run/clamav/freshclam.pid";
$conf[] = "\n# db";
- $conf[] = "DatabaseOwner clamav";
+ $conf[] = "DatabaseOwner clamav";
$conf[] = "AllowSupplementaryGroups yes";
- $conf[] = "DNSDatabaseInfo current.cvd.clamav.net";
+ $conf[] = "DNSDatabaseInfo current.cvd.clamav.net";
- $avsrv = $pfconf['avupdateserver'];
+ $avsrv = $pfconf[F_AVUPDATESERVER];
$avsrv = explode(" ", trim($avsrv));
foreach ($avsrv as $asr)
if (!empty($asr))
- $conf[] = "DatabaseMirror $asr";
+ $conf[] = "DatabaseMirror $asr";
# regional mirror
- if (!empty($pfconf['dbregion'])) {
+ if (!empty($pfconf[F_DBREGION])) {
$conf[] = '# regional db';
- switch($pfconf['dbregion']) {
+ switch($pfconf[F_DBREGION]) {
case 'au': $conf[] = "DatabaseMirror clamav.mirror.ayudahosting.com.au"; break; # australia
case 'ca': $conf[] = "DatabaseMirror clamav.mirror.rafal.ca"; break; # canada
case 'cn': $conf[] = "DatabaseMirror 4most2.clamav.ialfa.net"; break; # china
@@ -408,26 +790,58 @@ function havp_config_freshclam()
}
}
-# $conf[] = "DatabaseMirror db.ru.clamav.net";
-# $conf[] = "DatabaseMirror db.us.clamav.net";
+ $conf[] = "DatabaseMirror db.at.clamav.net";
+ $conf[] = "DatabaseMirror db.au.clamav.net";
+ $conf[] = "DatabaseMirror db.ba.clamav.net";
+ $conf[] = "DatabaseMirror db.be.clamav.net";
+ $conf[] = "DatabaseMirror db.ca.clamav.net";
+ $conf[] = "DatabaseMirror db.ch.clamav.net";
+ $conf[] = "DatabaseMirror db.cn.clamav.net";
+ $conf[] = "DatabaseMirror db.cr.clamav.net";
+ $conf[] = "DatabaseMirror db.cy.clamav.net";
+ $conf[] = "DatabaseMirror db.cz.clamav.net";
+ $conf[] = "DatabaseMirror db.de.clamav.net";
+ $conf[] = "DatabaseMirror db.dk.clamav.net";
+ $conf[] = "DatabaseMirror db.ec.clamav.net";
+ $conf[] = "DatabaseMirror db.ee.clamav.net";
+ $conf[] = "DatabaseMirror db.es.clamav.net";
+ $conf[] = "DatabaseMirror db.fi.clamav.net";
+ $conf[] = "DatabaseMirror db.fr.clamav.net";
+ $conf[] = "DatabaseMirror db.gr.clamav.net";
+ $conf[] = "DatabaseMirror db.hk.clamav.net";
+ $conf[] = "DatabaseMirror db.hu.clamav.net";
+ $conf[] = "DatabaseMirror db.id.clamav.net";
+ $conf[] = "DatabaseMirror db.ie.clamav.net";
+ $conf[] = "DatabaseMirror db.it.clamav.net";
+ $conf[] = "DatabaseMirror db.jp.clamav.net";
+ $conf[] = "DatabaseMirror db.kr.clamav.net";
+ $conf[] = "DatabaseMirror db.li.clamav.net";
+ $conf[] = "DatabaseMirror db.lt.clamav.net";
+ $conf[] = "DatabaseMirror db.lv.clamav.net";
+ $conf[] = "DatabaseMirror db.mt.clamav.net";
+ $conf[] = "DatabaseMirror db.my.clamav.net";
+ $conf[] = "DatabaseMirror db.ml.clamav.net";
+ $conf[] = "DatabaseMirror db.no.clamav.net";
+ $conf[] = "DatabaseMirror db.pl.clamav.net";
+ $conf[] = "DatabaseMirror db.pt.clamav.net";
+ $conf[] = "DatabaseMirror db.ro.clamav.net";
+ $conf[] = "DatabaseMirror db.ru.clamav.net";
+ $conf[] = "DatabaseMirror db.se.clamav.net";
+ $conf[] = "DatabaseMirror db.sk.clamav.net";
+ $conf[] = "DatabaseMirror db.th.clamav.net";
+ $conf[] = "DatabaseMirror db.tr.clamav.net";
+ $conf[] = "DatabaseMirror db.tw.clamav.net";
+ $conf[] = "DatabaseMirror db.ua.clamav.net";
+ $conf[] = "DatabaseMirror db.uk.clamav.net";
+ $conf[] = "DatabaseMirror db.za.clamav.net";
$conf[] = "\n# DO NOT TOUCH the following line ";
$conf[] = "DatabaseMirror database.clamav.net";
$conf[] = "\n# Number of database checks per day. Default: 12 (every two hours)";
$chks = 0;
- switch($pfconf['havpavupdate']) {
- case 'none': $chks = 0; break;
- case 'hv_01h': $chks = 24; break;
- case 'hv_02h': $chks = 12; break;
- case 'hv_03h': $chks = 8; break;
- case 'hv_04h': $chks = 6; break;
- case 'hv_06h': $chks = 4; break;
- case 'hv_08h': $chks = 3; break;
- case 'hv_12h': $chks = 2; break;
- case 'hv_24h': $chks = 1; break;
- }
$conf[] = "Checks $chks";
+ $conf[] = "Debug " . (HV_DEBUG === 'true' ? "yes" : "no");
# $conf[] = "# Proxy settings"; # future
#HTTPProxyServer myproxy.com
@@ -447,13 +861,51 @@ function havp_config_freshclam()
# Enable debug messages in libclamav.
# Default: disabled
-#Debug
+#Debug yes
$conf[] = "";
return implode("\n", $conf);
}
+# ------------------------------------------------------------------------------
+# configure squid
+function havp_configure_squid()
+{
+ global $config, $havp_config;
+ $new_opt = array();
+ $on_configure = ($havp_config[F_PROXYMODE] === 'squid' ? true : false);
+
+ if (!isset($config['installedpackages']['squid']['config'][0]['custom_options'])) return;
+
+ if ($on_configure === true) {
+ $new_opt[] = "never_direct allow all";
+ $new_opt[] = "cache_peer 127.0.0.1 parent {$havp_config[F_PROXYPORT]} 0 name=havp no-query no-digest no-netdb-exchange default";
+ }
+
+ # copy options, but not 'cache_peer' option
+ $cust_opt = explode(";", $config['installedpackages']['squid']['config'][0]['custom_options']);
+ foreach($cust_opt as $key => $val) {
+ if (strpos($val, "never_direct") !== false) continue;
+ if (strpos($val, "cache_peer 127.0.0.1 parent") !== false) continue;
+ $new_opt[] = $val;
+ }
-function havp_whitelist_def() {
+ $new_opt = implode(";", $new_opt);
+ if (/*is_package_installed('squid') && */file_exists('/usr/local/pkg/squid.inc')) {
+ # squid config update
+ $config['installedpackages']['squid']['config'][0]['custom_options'] = $new_opt;
+
+ # disable upstream proxy
+ if ($on_configure === true)
+ $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding'] = '';
+
+ write_config('Update redirector options to squid config.');
+ require_once('squid.inc');
+ squid_resync();
+ }
+}
+# ------------------------------------------------------------------------------
+function havp_whitelist_def()
+{
$whitelist = array();
$whitelist[] = "*sourceforge.net/*clamav-*";
@@ -465,45 +917,25 @@ function havp_whitelist_def() {
return implode("\n", $whitelist);
}
-
-# RAM disk
-# Mem - RAM
-# 128M - 16M
-# 256M - 32M
-# 512M - 64M
-# 1G - 128M
-#
-function mountRAMdisk()
+# ==============================================================================
+# Utils
+# ==============================================================================
+function havp_set_file_access($dir, $owner, $mod)
{
-# disabled for VMware
-# return;
-
- # detach and free all resources used by /dev/md10:
- mwexec("umount /var/tmp/havp");
- mwexec("mdconfig -d -u 10");
-
- # create and mount a 8MByte swap backed file system on /var/tmp/havp by /dev/md10:
- mwexec("mdconfig -a -t swap -s 1M -u 10");
- mwexec("newfs -U /dev/md10");
- mwexec("mount /dev/md10 /var/tmp/havp");
- mwexec("chmod 1777 /var/tmp/havp");
-}
-
-# ------------------------------------------------------------------------------
-function set_file_access($dir, $owner, $mod) {
mwexec("chgrp -R -v $owner $dir");
mwexec("chown -R -v $owner $dir");
if (!empty($mod)) {
mwexec( "chmod -R -v $mod $dir");
}
}
-
-# Src from squid.inc
-# Copyright (C) 2006 Scott Ullrich
-# Copyright (C) 2006 Fernando Lemos
-function get_real_interface_address($iface) {
+# ------------------------------------------------------------------------------
+# Src from squid.inc Copyright (C) 2006 Scott Ullrich, Fernando Lemos
+function get_real_interface_address($iface)
+{
global $config;
+ if ($iface === 'localhost') return array('127.0.0.1', '');
+
$iface = convert_friendly_interface_to_real_interface_name($iface);
$line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
@@ -511,16 +943,6 @@ function get_real_interface_address($iface) {
return array($ip, long2ip(hexdec($netmask)));
}
#-------------------------------------------------------------------------------
-
-function havp_update_AV() {
- # AV update script
- if (file_exists(HV_AVUPD_SCRIPT)) {
- file_put_contents(HV_AVUPD_SCRIPT, havp_AVupdate_script());
- set_file_access(HV_AVUPD_SCRIPT, HV_AV_USER, '0755');
- }
- mwexec(HV_AVUPD_SCRIPT);
-}
-
# *** check black/white list domain ***
# Lines can hold URLs with wildcards with following rules:
# Line must cointain Domain/Path
@@ -534,8 +956,9 @@ function havp_update_AV() {
# (4) */*.gif (All .gif are whitelisted)
# (5) www.server-side.de/novirus*
# (6) www.server-side.de/*novirus*
-
-function check_bw_domain($_dm) {
+#-------------------------------------------------------------------------------
+function check_bw_domain($_dm)
+{
$domain = "";
$path = "";
$pos = strpos($_dm, "/");
@@ -550,23 +973,191 @@ function check_bw_domain($_dm) {
}
$fmt = "[a-zA-Z0-9_-]";
-
# Domains can have a wildcard at begin '*xxx.xxx' - *my.domain.com
if (!eregi("^(\*)|((\*){0,1}($fmt\.){0,}$fmt{1,})$", $domain)) return false;
-
# Path can have a wildcard at begin and end '*xxx*'
if ($path && !eregi("^(\*){0,1}(.[^\*][^=]){0,}(\*){0,1}$", $path)) return false;
-
return true;
}
+# ------------------------------------------------------------------------------
+# cron
+# ------------------------------------------------------------------------------
+# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command'
+#
+function havp_setup_cron($task_name, $options, $on_off)
+{
+ global $config;
+ $cron_item = array();
+
+ # $on_off = TRUE/FALSE - install/deinstall cron task:
+ # prepare new cron item
+ if (is_array($options)) {
+ $cron_item['task_name'] = $task_name;
+ $cron_item['minute'] = $options[0];
+ $cron_item['hour'] = $options[1];
+ $cron_item['mday'] = $options[2];
+ $cron_item['month'] = $options[3];
+ $cron_item['wday'] = $options[4];
+ $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody';
+ $cron_item['command'] = $options[6];
+ }
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-function havp_AVupdate_script() {
+ # unset old cron task with $task_name
+ if (!empty($task_name)) {
+ $flag_cron_upd = false;
+ # delete old cron task if exists
+ foreach($config['cron']['item'] as $key => $val) {
+ if ($config['cron']['item'][$key]['task_name'] === $task_name) {
+ unset($config['cron']['item'][$key]);
+ $flag_cron_upd = true;
+ break;
+ }
+ }
-# *** AV update script ***
+ # set new cron task
+ if (($on_off === true) and !empty($cron_item)) {
+ $config['cron']['item'][] = $cron_item;
+ $flag_cron_upd = true;
+ }
-$scr = <<<EOD
+ # write config and configure cron only if cron task modified
+ if ($flag_cron_upd === true) {
+ write_config("Installed cron task '$task_name' for 'havp' package");
+ configure_cron();
+ }
+ }
+ else {
+ # ! error $name !
+ return;
+ }
+}
+# ------------------------------------------------------------------------------
+# filter rules
+# ------------------------------------------------------------------------------
+function havp_generate_rules($type = 'filter')
+{
+ # 'nat' 'filter'
+ global $config, $havp_config;
+ $rules = array();
+
+ # nothing if havp not running
+ if (!is_service_running('havp')) {
+ if (HV_DEBUG === 'true')
+ log_error("havp: Havp is installed but not started. Filter rules not created.");
+ return;
+ }
+
+ $proxymode = $havp_config[F_PROXYMODE];
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # =-= HAVP always listen 127.0.0.1:port =-=
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ # Proxy mode:
+ # Standard - Filter: Rdr ifaces:port => 127.0.0.1:port
+ # Parent for Squid - Filter: No
+ # Transparent - Filter: Rdr ifaces:port => 127.0.0.1:port;
+ # Rdr Any Http => 127.0.0.1:port + Allow Http traffic via iface
+ # If Squid transparent, then as Standard.
+ # Internal - Filter: No
+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ $proxybindiface = 'lo0'; # 127.0.0.1
+ $ifaces = array_map('convert_friendly_interface_to_real_interface_name', explode(',', $havp_config[F_PROXYINTERFACE]));
+ $proxyport = ( $havp_config[F_PROXYPORT] ? $havp_config[F_PROXYPORT] : HVDEF_PROXYPORT );
+
+ # squid already transparent
+ $squid_transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');
+ if (($proxymode === 'transparent') && $squid_transparent_proxy) {
+ $proxymode = 'standard';
+ log_error("Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.");
+ }
+
+ # nat
+ if ($type === 'nat') {
+ $rules[] = "# havp proxy ifaces redirect";
+ foreach($ifaces as $iface) {
+ switch($proxymode) {
+ case 'transparent':
+ # rdr any http => localhost:port
+ $rules[] = "rdr on $iface proto tcp from any to !($iface) port 80 -> $proxybindiface port $proxyport";
+ case 'standard':
+ case 'squid':
+ # rdr iface:port => localhost:port
+ $rules[] = "rdr on $iface proto tcp from any to ($iface) port $proxyport -> $proxybindiface port $proxyport";
+ break;
+ # no more rdr
+ case 'internal':
+ default: break;
+ }
+ }
+ }
+ # filter
+ else {
+ $rules[] = "# havp proxy ifaces rules";
+ foreach($ifaces as $iface) {
+ switch($proxymode) {
+ case 'transparent':
+ # pass http on iface
+ $rules[] = "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state";
+ break;
+ # no more rules
+ case 'standard':
+ case 'squid':
+ case 'internal':
+ default: break;
+ }
+ }
+ }
+
+ return implode("\n", $rules);
+}
+# ------------------------------------------------------------------------------
+function havp_filter_update_3()
+{
+ $rules_file = '/tmp/rules.debug';
+ if (file_exists($rules_file)) {
+ $newrules = array();
+ $rules = file_get_contents($rules_file);
+ $rules = explode("\n", $rules);
+
+ foreach($rules as $val) {
+ $newrules[] = $val;
+ # rdr
+ if (trim($val) === "rdr-anchor \"miniupnpd\"") {
+ $newrules[] = "# havp rdr";
+ $newrules[] = havp_generate_rules('nat');
+ $newrules[] = "";
+ }
+ # rules
+ elseif(trim($val) === "anchor \"miniupnpd\"") {
+ $newrules[] = "# havp rules";
+ $newrules[] = havp_generate_rules('filter');
+ $newrules[] = "";
+ }
+ $rules = implode("\n", $newrules);
+ }
+ file_put_contents($rules_file, $rules);
+ mwexec("pfctl -f $rules_file");
+ }
+}
+# ------------------------------------------------------------------------------
+function havp_update_AV()
+{
+ # AV update script
+ if (file_exists(HVDEF_AVUPD_SCRIPT)) {
+ file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script());
+ havp_set_file_access(HVDEF_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
+ }
+ mwexec(HVDEF_AVUPD_SCRIPT);
+}
+# ==============================================================================
+# Scripts
+# ==============================================================================
+# AV update script
+function havp_AVupdate_script()
+{
+
+return <<<EOD
#!/bin/sh
# AV update script
# This file was automatically generated
@@ -578,79 +1169,272 @@ wait
wait
EOD;
-# --- AV update script ---
+}
+# ------------------------------------------------------------------------------
+# HAVP service startup script
+function havp_startup_script()
+{
+ global $havp_config;
+ $pid = HVDEF_PID_FILE;
+
+ # rc script
+ $rc = array();
+ $rc['file'] = basename(HVDEF_HAVP_STARTUP_SCRIPT);
+
+ $s[] = "# start";
+ $s[] = "\tif [ -z \"`ps auxw | grep \"[h]avp -c\"|awk '{print $2}'`\" ];then";
+ if (HV_USE_CLAMD === 'true') {
+ $s[] = "\t\t# start clamd before (to be sure)";
+ $s[] = "\t\t/usr/local/etc/rc.d/clamd.sh start";
+ $s[] = "\t\twait";
+ }
+ $s[] = "\t\t/usr/local/sbin/havp -c " . HVDEF_HAVP_CONFIG . " 2>/dev/null";
+ $s[] = "\t\tsleep 2";
+ $s[] = "\tfi";
+ $s[] = "";
+ $rc['start'] = implode("\n", $s);
+ unset($s);
+
+ $s[] = "# stop";
+ $s[] = "\t killall -9 havp 2>/dev/null";
+ $s[] = "\t killall -9 havp 2>/dev/null";
+ $s[] = "\t sleep 2";
+ $s[] = "";
+ $rc['stop'] = implode("\n", $s);
+ unset($s);
+
+ write_rcfile($rc);
+}
+# ------------------------------------------------------------------------------
+# clamd service startup script
+function hv_clamd_startup_script()
+{
+ global $havp_config;
+ $pid = HVDEF_CLAM_PID;
+
+ # rc script
+ $rc = array();
+ $rc['file'] = basename(HVDEF_CLAM_STARTUP_SCRIPT);
+
+ $s[] = "# start";
+ $s[] = "\tif [ -z \"`ps auxw | grep \"[c]lamd -c\"|awk '{print $2}'`\" ];then";
+ $s[] = "\t\t/usr/local/sbin/clamd -c " . HVDEF_CLAM_CONFIG . " 2>/dev/null";
+ $s[] = "\t\twait";
+ $s[] = "\tfi";
+ $s[] = "";
+ $rc['start'] = implode("\n", $s);
+ unset($s);
+
+ $s[] = "#stop";
+ $s[] = "\t killall -9 clamd 2>/dev/null";
+ $s[] = "\t killall -9 clamd 2>/dev/null";
+ $s[] = "\t wait";
+ $s[] = "";
+ $rc['stop'] = implode("\n", $s);
+ unset($s);
+
+ write_rcfile($rc);
+}
+# ------------------------------------------------------------------------------
+# HAVP filter resync script
+function havp_filter_resync_script()
+{
- return $scr;
+return <<<EOD
+#!/usr/local/bin/php -f
+<?php
+# havp filter hook
+if (/*is_package_installed('havp') &&*/ file_exists('/usr/local/pkg/havp.inc')) {
+ require_once('havp.inc');
+ havp_filter_update_3();
}
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+?>
+EOD;
-# === UNDER CONSTRUCTION ===
+}
-# $day: 1, 2, .., 31, *, mon, tue, wed, thu, fri, sat, sun ; every day : [$day]
-# $mon: 1, 2, .., 12, * ; every mon: [$mon] [15]-[01]-[2001]
-# $time = 'hh:mm': '12:00' - at 12:00; '*:*' - at any time; '/hh:/mm' - every hh every /mm
-# havp_crontask('my_task', '15', '/1', '15:30', 'root' 'start_cmd', true);
-function havp_crontask($task_name, $day, $mon, $time, $who, $cmd, $enabled)
+# ==============================================================================
+# RAM Disk
+# ==============================================================================
+function mountRAMdisk($free_and_mount = true)
{
+ global $havp_config;
+ $mnt_point = HVDEF_RAMTEMP_DIR;
+ $mnt_flag_file = "$mnt_point/.mnt";
+
+ # RAM Disk disabled
+ if (HV_USE_TMPRAMDISK !== 'true') {
+ umountRAMDisk();
+ return;
+ }
-}
-
-# / === UNDER CONSTRUCTION ===
+ # RAM Disk on VM disabled
+ if ((HV_VM_TMPRAMDISK !== 'true') && VMWare_detect()) {
+ umountRAMDisk();
+ log_error("havp: RAMDisk on VM disabled.");
+ return;
+ }
-# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command'
-#
-function havp_setup_cron($task_name, $options, $on_off) {
- global $config;
- $cron_item = array();
-
- # $on_off = TRUE/FALSE - install/deinstall cron task:
- # prepare new cron item
- if (is_array($options)) {
- $cron_item['task_name'] = $task_name;
- $cron_item['minute'] = $options[0];
- $cron_item['hour'] = $options[1];
- $cron_item['mday'] = $options[2];
- $cron_item['month'] = $options[3];
- $cron_item['wday'] = $options[4];
- $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody';
- $cron_item['command'] = $options[6];
- }
+ # free RAMDisk only
+ if ($free_and_mount !== true) {
+ umountRAMDisk();
+ return;
+ }
- # unset old cron task with $task_name
- if ($task_name !== "") {
- $flag_cron_upd = false;
+ # =-= Temp RAMDisk =-=
+ # note: use 1/4 of system memory capacity
+ $ramdisk_capacity = get_memory();
+ $ramdisk_capacity = intval(intval($ramdisk_capacity[0]) / 4); # [Mb]
+
+ # RAMDisk already exists?
+ if (file_exists("/dev/md10")) return;
+ # umount old RAMDisk
+# umountRAMDisk();
+
+ # create and mount a swap backed file system on /var/tmp/havp by /dev/md10:
+# SWAP
+# mwexec("mdconfig -a -t swap -s {$ramdisk_capacity}M -u 10");
+# mwexec("newfs -U /dev/md10");
+# mwexec("mount /dev/md10 $mnt_point");
+# RAM - more quickly, used physical RAM
+ mwexec("/sbin/mdmfs -s {$ramdisk_capacity}M md10 {$mnt_point}");
+ mwexec("chmod 1777 {$mnt_point}");
+
+ # create flag file
+ file_put_contents($mnt_flag_file, "{$ramdisk_capacity}");
+ # syslog
+ if (HV_DEBUG === 'true')
+ log_error("havp: Create RAMDisk {$ramdisk_capacity}Mb.");
+}
+# ------------------------------------------------------------------------------
+function umountRAMDisk()
+{
+ global $havp_config;
- # delete old cron task if exists
- foreach($config['cron']['item'] as $key => $val) {
- if ($config['cron']['item'][$key]['task_name'] === $task_name) {
- unset($config['cron']['item'][$key]);
- $flag_cron_upd = true;
+ # detach and free all resources used by /dev/md10:
+ mwexec("umount -f " . HVDEF_RAMTEMP_DIR);
+ mwexec("mdconfig -d -u 10");
+}
- # log ! cron task deleted !
- break;
- }
- }
+# ==============================================================================
+# Utilites
+# ==============================================================================
+function VMWare_detect()
+{
+ global $g;
+ $fc = '';
- # set new cron task
- if (($on_off === true) and !empty($cron_item)) {
- $config['cron']['item'][] = $cron_item;
- $flag_cron_upd = true;
+ if (file_exists("{$g['varlog_path']}/dmesg.boot") !== false)
+ $fc = file_get_contents("{$g['varlog_path']}/dmesg.boot");
- # log ! cron task installed !
- }
+ return (strpos($fc, "<VMware Virtual") !== false);
+}
+# ------------------------------------------------------------------------------
+function start_antivirus_scanner($filename)
+{
+ $param = array();
+# $param[] = "-v"; # verbose
+ if (HV_DEBUG === 'true')
+ $param[] = "--debug"; # debug option
+ else $param[] = "--quiet"; # output only errors
+ $param[] = "--stdout"; # Write to stdout instead of stderr
+# $param[] = "--no-summary"; # Disable summary at end of scanning
+ $param[] = "-i"; # Only print infected files
+ $param[] = "--tempdir=" . HVDEF_TEMP_DIR; # Create temporary files in DIRECTORY
+# $param[] = "-d FILE/DIR"; # Load virus database from FILE or load all .cvd and .db[2] files from DIR
+ $param[] = "-l " . HVDEF_CLAMSCAN_LOG; # Save scan report to FILE
+ $param[] = "-r"; # Scan subdirectories recursively
+ $param[] = "--remove"; # Remove infected files. Be careful!
+# $param[] = "--move=DIRECTORY"; # Move infected files into DIRECTORY
+# $param[] = "--exclude=PATT"; # Don't scan file names containing PATT
+# $param[] = "--exclude-dir=PATT"; # Don't scan directories containing PATT
+# $param[] = "--include=PATT"; # Only scan file names containing PATT
+# $param[] = "--include-dir=PATT"; # Only scan directories containing PATT
+# $param[] = "--detect-pua"; # Detect Possibly Unwanted Applications
+ $param[] = "--detect-broken"; # Try to detect broken executable files
+ $param[] = "--max-filesize=10000000"; # Files larger than this will be skipped and assumed clean
+ $param[] = "--max-scansize=5000000"; # The maximum amount of data to scan for each container file (*)
+ $param[] = "--max-files=10000"; # The maximum number of files to scan for each container file (*)
+ $param[] = "--max-recursion=255"; # Maximum archive recursion level for container file (*)
+ $param[] = "--max-dir-recursion=255"; # Maximum directory recursion level
+# $param[] = "--unzip[=FULLPATH]"; # Enable support for .zip files
+# $param[] = "--unrar[=FULLPATH]"; # Enable support for .rar files
+# $param[] = "--arj[=FULLPATH]"; # Enable support for .arj files
+# $param[] = "--unzoo[=FULLPATH]"; # Enable support for .zoo files
+# $param[] = "--lha[=FULLPATH]"; # Enable support for .lha files
+# $param[] = "--jar[=FULLPATH]"; # Enable support for .jar files
+# $param[] = "--tar[=FULLPATH]"; # Enable support for .tar files
+# $param[] = "--deb[=FULLPATH to ar]"; # Enable support for .deb files
+# $param[] = "--tgz[=FULLPATH]"; # Enable support for .tar.gz, .tgz files
+
+ $param = implode(" ", $param);
+ if (HV_USE_CLAMD === 'true')
+ $param = "clamdscan $param $filename"; # use clamd daemon (more quickly)
+ else $param = "clamscan $param $filename";
+
+ # debug clamscan cmd
+ if (HV_DEBUG === 'true') file_put_contents("/tmp/clamscan.cmd", $param);
+
+ if (file_exists($filename)) {
+ log_error("Antivirus: Starting file '$filename' scanner. Log file is '" . HVDEF_CLAMSCAN_LOG . "'. Wait 5-10 minutes.");
+
+ # put to log scanning file
+ $cont="Starting scan file {$filename}\n";
+ file_put_contents(HVDEF_CLAMSCAN_LOG, $cont);
+
+ mwexec_bg("$param");
+ }
+ else log_error("Antivirus: Can't starting file scanner. File '$filename' not exists.");
+}
- # write config and configure cron only if cron task modified
- if ($flag_cron_upd === true) {
- write_config("Installed cron task '$task_name' for 'havp' package");
- configure_cron();
- # log ! cron stored !
- }
- }
- else {
- # ! error $name !
+# ------------------------------------------------------------------------------
+# HTML
+# ------------------------------------------------------------------------------
+function havp_fscan_html()
+{
+ global $g;
+ $clamscan_log = HVDEF_CLAMSCAN_LOG;
+
+ return <<<EOD
+<hr>
+<span onClick="document.getElementById('scanfilepath').value = '/var/squid';" style="cursor: pointer;">
+ <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here'>
+ <font size='-1'><u>&nbsp;Squid cache path (scan you squid cache now).</u></font>
+ </img>
+</span>
+<br>
+<span onClick="document.getElementById('scanfilepath').value = '/var/db';" style="cursor: pointer;">
+ <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here'>
+ <font size='-1'><u>&nbsp;Common DB path.</u></font>
+ </img>
+</span>
+<br>
+<span onClick="document.getElementById('scanfilepath').value = '/tmp';" style="cursor: pointer;">
+ <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here'>
+ <font size='-1'><u>&nbsp;Temp path.</u></font>
+ </img>
+</span>
+<hr>
+<input name='submit' type='submit' value='Start_scan'><br>
+Press button for start antivirus scanner now. After 5-10 minutes look log file '{$clamscan_log}'.<br>
+(Diagnostics: Execute Shell command: <b>'cat {$clamscan_log}'</b>)
+EOD;
+}
- # if error - break function
- return;
+# ------------------------------------------------------------------------------
+# Fix
+function havp_fix()
+{
+ global $config;
+ # unset old menu item
+ if (isset($config['installedpackages']['menu'])) {
+ foreach($config['installedpackages']['menu'] as $mkey => $mval) {
+ if ($mval['name'] === 'HTTP Antivirus') {
+ unset($config['installedpackages']['menu'][$mkey]);
+ write_config('Fix HAVP menu.');
+ break;
+ }
}
+ }
}
?>
diff --git a/config/havp/havp.xml b/config/havp/havp.xml
index a70b09bc..de9e6e2c 100644
--- a/config/havp/havp.xml
+++ b/config/havp/havp.xml
@@ -1,30 +1,58 @@
<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
<name>havp</name>
- <title>Services: Antivirus proxy server (havp + clamav) -> Settings</title>
+ <title>Antivirus: HTTP proxy (havp + clamav)</title>
<category>Status</category>
- <version>1.7.1</version>
- <include_file>havp.inc</include_file>
+ <version>0.88_03</version>
+ <include_file>/usr/local/pkg/havp.inc</include_file>
<!-- Installation -->
<menu>
- <name>HTTP Antivirus</name>
- <tooltiptext>Proxy server antivirus</tooltiptext>
+ <name>Antivirus</name>
+ <tooltiptext>Antivirus service</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
</menu>
+ <service>
+ <name>havp</name>
+ <rcfile>havp.sh</rcfile>
+ <executable>havp</executable>
+ <description>Antivirus HTTP proxy Service</description>
+ </service>
+
<additional_files_needed>
<item>http://www.pfsense.com/packages/config/havp/havp.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.com/packages/config/havp/havp_fscan.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.com/packages/config/havp/havp_avset.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
</additional_files_needed>
<tabs>
<tab>
- <text>Settings</text>
+ <text>HTTP proxy</text>
<url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
<active/>
</tab>
+ <tab>
+ <text>Files Scanner</text>
+ <url>/pkg_edit.php?xml=havp_fscan.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=havp_avset.xml&amp;id=0</url>
+ </tab>
</tabs>
+
<fields>
<field>
<fielddescr>Enable</fielddescr>
@@ -33,39 +61,73 @@
<type>checkbox</type>
</field>
<field>
- <fielddescr>Use external interface</fielddescr>
- <fieldname>listenextinterface</fieldname>
- <description>Select this for use external interface, otherwise the proxy will use the internal interface '127.0.0.1'. Cascade you other proxy to the HAVP as 'parent proxy' via '127.0.0.1' ip.</description>
- <type>checkbox</type>
- <enablefields>proxyiface</enablefields>
+ <fielddescr>Proxy mode</fielddescr>
+ <fieldname>proxymode</fieldname>
+ <description>
+ Select interface mode: &lt;br&gt;
+ &lt;b&gt; standard &lt;/b&gt; - client(s) bind to the 'proxy port' on selected interface(s); &lt;br&gt;
+ &lt;b&gt; parent for squid &lt;/b&gt; - configure HAVP as parent for Squid proxy;&lt;br&gt;
+ &lt;b&gt; transparent &lt;/b&gt; - all 'http' requests on interface(s) will be translated to the HAVP proxy server without any client(s) additional configuration necessary (worked as 'parent for squid' with 'transparent' Squid proxy); &lt;br&gt;
+ &lt;b&gt; internal &lt;/b&gt; - HAVP listen internal interface (127.0.0.1) on 'proxy port', use you own traffic forwarding rules.&lt;br&gt;
+ </description>
+ <type>select</type>
+ <default_value>standard</default_value>
+ <options>
+ <option><value>standard</value><name>Standard</name></option>
+ <option><value>squid</value><name>Parent for Squid</name></option>
+ <option><value>transparent</value><name>Transparent</name></option>
+ <option><value>internal</value><name>Internal</name></option>
+ </options>
</field>
+
<field>
- <fielddescr>Proxy interface</fielddescr>
- <fieldname>proxyiface</fieldname>
- <description>The interface(s) the proxy server will bind to.</description>
+ <fielddescr>Proxy interface(s)</fielddescr>
+ <fieldname>proxyinterface</fieldname>
+ <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + L.Click for multiple selection.</description>
<type>interfaces_selection</type>
<required/>
- <default_value>lan</default_value>
+ <multiple/>
+ <value>lan</value>
</field>
<field>
<fielddescr>Proxy port</fielddescr>
<fieldname>proxyport</fieldname>
- <description>This is the port the proxy server will listen on.</description>
+ <description>
+ This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy.
+ </description>
<type>input</type>
<size>10</size>
<required/>
- <default_value>3128</default_value>
+ <value>3125</value>
</field>
<field>
<fielddescr>Parent proxy</fielddescr>
<fieldname>parentproxy</fieldname>
<description>
- Enter the parent proxy as PROXY:PORT format or leave empty.
+ Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty.
</description>
<type>input</type>
<size>90</size>
</field>
<field>
+ <fielddescr>Enable X-Forwarded-For</fielddescr>
+ <fieldname>enablexforwardedfor</fieldname>
+ <description>
+ If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons.
+ &lt;br&gt;Enable this if you use your own parent proxy after HAVP, so it will see the original client IP.
+ &lt;br&gt;Disabling this also disables Via: header generation.
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Enable Forwarded IP</fielddescr>
+ <fieldname>enableforwardedip</fieldname>
+ <description>
+ If HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Language</fielddescr>
<fieldname>lang</fieldname>
<description>Select the language in which the proxy server will display error messages to users.</description>
@@ -84,17 +146,21 @@
</options>
</field>
<field>
- <fielddescr>Max download size</fielddescr>
+ <fielddescr>Max download size, Bytes</fielddescr>
<fieldname>maxdownloadsize</fieldname>
- <description>Enter value or leave empty. Value in bytes. Downloads larger than 'Max download size' will be blocked. Only if not Whitelisted!</description>
+ <description>Enter value (in Bytes) or leave empty. Downloads larger, than 'Max download size' will be blocked. Only if not Whitelisted!</description>
<type>input</type>
<size>10</size>
<default_value></default_value>
</field>
<field>
- <fielddescr>Disable X-Forward</fielddescr>
- <fieldname>xforwardedfor</fieldname>
- <description>If not set, proxy will include your system's IP address or name in the HTTP requests it forwards.</description>
+ <fielddescr>HTTP Range requests</fielddescr>
+ <fieldname>range</fieldname>
+ <description>
+ Set this for allow HTTP Range requests, and broken downloads can be resumed.
+ Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.
+ Whitelisted sites are allowed to use Range in any case.
+ </description>
<type>checkbox</type>
</field>
@@ -129,101 +195,79 @@
</field>
<field>
+ <fielddescr>Enable RAM Disk</fielddescr>
+ <fieldname>enableramdisk</fieldname>
+ <description>
+ This option allow use RAM Disk for HAVP temp files for more quick traffic scan.
+ Ram Disc size depend from 'ScanMax file size and avialable memory.
+ This option can be ignored in VMVare or on 'low system memory'.
+ ( RAM Disk size calculated as [1/4 avialable system memory] > [Scan max file size] * 100 )
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Scan max file size</fielddescr>
<fieldname>scanmaxsize</fieldname>
<description>
- Enter here value in bytes (5, 10, 15, 20) or leave empty.
+ Select this value for limit maximum file size or leave '---(5M)'.
Files larger than this limit won't be scanned.
- Empty or 0 also disables the limit.
+ Small values increace scan speed and maximum new connections per second and allow RAM Disk use.
+ &lt;br&gt;
NOTE: Setting limit is a security risk, because some archives like
ZIP need all the data to be scanned properly! Use this only if you
- can't afford temporary space for big files. Also scanner settings
- will affect how many files will be scanned inside an archive etc.
+ can't afford temporary space for big files.
</description>
- <type>input</type>
- <size>10</size>
+ <type>select</type>
+ <value>0</value>
+ <options>
+ <option><value> 5000</value><name>--- (5M)</name></option>
+ <option><value> 1</value><name> 1 K</name></option>
+ <option><value> 2</value><name> 2 K</name></option>
+ <option><value> 3</value><name> 3 K</name></option>
+ <option><value> 5</value><name> 5 K</name></option>
+ <option><value> 7</value><name> 7 K</name></option>
+ <option><value> 10</value><name> 10 K</name></option>
+ <option><value> 20</value><name> 20 K</name></option>
+ <option><value> 30</value><name> 30 K</name></option>
+ <option><value> 50</value><name> 50 K</name></option>
+ <option><value> 70</value><name> 70 K</name></option>
+ <option><value> 100</value><name> 100 K</name></option>
+ <option><value> 200</value><name> 200 K</name></option>
+ <option><value> 300</value><name> 300 K</name></option>
+ <option><value> 500</value><name> 500 K</name></option>
+ <option><value> 700</value><name> 700 K</name></option>
+ <option><value> 1000</value><name> 1000 K</name></option>
+ <option><value> 1500</value><name> 1500 K</name></option>
+ <option><value> 2000</value><name> 2000 K</name></option>
+ <option><value> 2500</value><name> 2500 K</name></option>
+ <option><value> 3000</value><name> 3000 K</name></option>
+ <option><value> 3500</value><name> 3500 K</name></option>
+ <option><value> 4000</value><name> 4000 K</name></option>
+ <option><value> 4500</value><name> 4500 K</name></option>
+ <option><value> 5000</value><name> 5000 K</name></option>
+ <option><value> 5500</value><name> 5500 K</name></option>
+ <option><value> 6000</value><name> 6000 K</name></option>
+ <option><value> 7000</value><name> 7000 K</name></option>
+ <option><value> 8000</value><name> 8000 K</name></option>
+ <option><value> 9000</value><name> 9000 K</name></option>
+ <option><value>10000</value><name>10 000 K</name></option>
+ </options>
</field>
-
<field>
<fielddescr>Scan images</fielddescr>
<fieldname>scanimg</fieldname>
- <description>Check this for scan image files.</description>
- <type>checkbox</type>
- </field>
-
- <field>
- <fielddescr>Scan archives</fielddescr>
- <fieldname>scanarc</fieldname>
- <description>Check this for scan within archives and compressed files.</description>
- <type>checkbox</type>
- </field>
-
- <field>
- <fielddescr>Scan archive max file size</fielddescr>
- <fieldname>scanarcmaxsize</fieldname>
- <value>10M</value>
<description>
- Enter here value in megabytes (15M) or leave empty.
- Files in archives larger than this limit won't be scanned.
- Value of 0 also disables the limit.
+ Check this for scan image files.
+ This option allows you to increase reliability, but also slows down the scanning process.
</description>
- <type>input</type>
- <size>10</size>
- </field>
-
- <field>
- <fielddescr>AV bases update</fielddescr>
- <fieldname>havpavupdate</fieldname>
- <description>
- &lt;input name='submit' type='submit' value='Update_AV'&gt;
- Press button for update AV database now.
- </description>
- <type>select</type>
- <value>hv_none</value>
- <options>
- <option><name>none</name><value>hv_none</value></option>
- <option><name>every 1 hours</name><value>hv_01h</value></option>
- <option><name>every 2 hours</name><value>hv_02h</value></option>
- <option><name>every 3 hours</name><value>hv_03h</value></option>
- <option><name>every 4 hours</name><value>hv_04h</value></option>
- <option><name>every 6 hours</name><value>hv_06h</value></option>
- <option><name>every 8 hours</name><value>hv_08h</value></option>
- <option><name>every 12 hours</name><value>hv_12h</value></option>
- <option><name>every 24 hours</name><value>hv_24h</value></option>
- </options>
- </field>
- <field>
- <fielddescr>Regional AV database update mirror</fielddescr>
- <fieldname>dbregion</fieldname>
- <description>Select regional database mirror.</description>
- <type>select</type>
- <value></value>
- <options>
- <option><value></value><name>-----</name></option>
- <option><value>au</value><name>Australia</name></option>
- <option><value>eu</value><name>Europe</name></option>
- <option><value>ca</value><name>Canada</name></option>
- <option><value>cn</value><name>China</name></option>
- <option><value>id</value><name>Indonesia</name></option>
- <option><value>jp</value><name>Japan</name></option>
- <option><value>kr</value><name>Korea</name></option>
- <option><value>ml</value><name>Malaysia</name></option>
- <option><value>ru</value><name>Russian</name></option>
- <option><value>sa</value><name>South africa</name></option>
- <option><value>tw</value><name>Taiwan</name></option>
- <option><value>uk</value><name>United Kingdom</name></option>
- <option><value>us</value><name>United States</name></option>
- </options>
+ <type>checkbox</type>
</field>
<field>
- <fielddescr>Optional AV database update servers</fielddescr>
- <fieldname>avupdateserver</fieldname>
- <description>Enter here space separated AV update servers, or leave empty.</description>
- <type>textarea</type>
- <cols>60</cols>
- <rows>5</rows>
+ <fielddescr>Scan media stream</fielddescr>
+ <fieldname>scanstream</fieldname>
+ <description>Check this for scan media (audio/video) stream. Use this for additional scan exploits for players.</description>
+ <type>checkbox</type>
</field>
-
<field>
<fielddescr>Syslog</fielddescr>
<fieldname>syslog</fieldname>
@@ -237,14 +281,20 @@
<type>checkbox</type>
</field>
</fields>
+
+ <custom_php_command_before_form>
+ havp_before_form(&amp;$pkg);
+ </custom_php_command_before_form>
<custom_php_validation_command>
- havp_validate_settings($_POST, &amp;$input_errors);
+ havp_validate_settings($_POST, &amp;$input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
- havp_resync();
+ havp_resync();
</custom_php_resync_config_command>
<custom_php_install_command>
+ havp_install();
</custom_php_install_command>
<custom_php_deinstall_command>
+ havp_deinstall();
</custom_php_deinstall_command>
</packagegui> \ No newline at end of file
diff --git a/config/havp/havp_avset.xml b/config/havp/havp_avset.xml
new file mode 100644
index 00000000..2ba7a5cb
--- /dev/null
+++ b/config/havp/havp_avset.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<packagegui>
+ <name>havpavset</name>
+ <title>Antivirus: Settings</title>
+ <category>Status</category>
+ <version>0.88_03</version>
+ <include_file>/usr/local/pkg/havp.inc</include_file>
+
+ <tabs>
+ <tab>
+ <text>HTTP Proxy</text>
+ <url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Files Scanner</text>
+ <url>/pkg_edit.php?xml=havp_fscan.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=havp_avset.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ </tabs>
+
+ <fields>
+ <field>
+ <fielddescr>AV base update</fielddescr>
+ <fieldname>havpavupdate</fieldname>
+ <description>
+ &lt;input name='submit' type='submit' value='Update_AV'&gt;
+ Press button for update AV database now.
+ </description>
+ <type>select</type>
+ <value>hv_none</value>
+ <options>
+ <option><name>none </name><value>0</value></option>
+ <option><name>every 1 hours</name><value>1</value></option>
+ <option><name>every 2 hours</name><value>2</value></option>
+ <option><name>every 3 hours</name><value>3</value></option>
+ <option><name>every 4 hours</name><value>4</value></option>
+ <option><name>every 6 hours</name><value>5</value></option>
+ <option><name>every 8 hours</name><value>6</value></option>
+ <option><name>every 12 hours</name><value>7</value></option>
+ <option><name>every 24 hours</name><value>8</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Regional AV database update mirror</fielddescr>
+ <fieldname>dbregion</fieldname>
+ <description>Select regional database mirror.</description>
+ <type>select</type>
+ <value></value>
+ <options>
+ <option><value></value><name>-----</name></option>
+ <option><value>au</value><name>Australia</name></option>
+ <option><value>eu</value><name>Europe</name></option>
+ <option><value>ca</value><name>Canada</name></option>
+ <option><value>cn</value><name>China</name></option>
+ <option><value>id</value><name>Indonesia</name></option>
+ <option><value>jp</value><name>Japan</name></option>
+ <option><value>kr</value><name>Korea</name></option>
+ <option><value>ml</value><name>Malaysia</name></option>
+ <option><value>ru</value><name>Russian</name></option>
+ <option><value>sa</value><name>South africa</name></option>
+ <option><value>tw</value><name>Taiwan</name></option>
+ <option><value>uk</value><name>United Kingdom</name></option>
+ <option><value>us</value><name>United States</name></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Optional AV database update servers</fielddescr>
+ <fieldname>avupdateserver</fieldname>
+ <description>Enter here space separated AV update servers, or leave empty.</description>
+ <type>textarea</type>
+ <cols>60</cols>
+ <rows>5</rows>
+ </field>
+ <field>
+ <fielddescr>Syslog</fielddescr>
+ <fieldname>avsetsyslog</fieldname>
+ <description>Check this for enable Syslog.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Log</fielddescr>
+ <fieldname>avsetlog</fieldname>
+ <description>Check this for enable log.</description>
+ <type>checkbox</type>
+ </field>
+ </fields>
+
+ <custom_php_command_before_form>
+ havp_before_form(&amp;$pkg);
+ </custom_php_command_before_form>
+ <custom_php_validation_command>
+ havp_validate_settings($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ havp_avset_resync();
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ </custom_php_deinstall_command>
+</packagegui> \ No newline at end of file
diff --git a/config/havp/havp_fscan.xml b/config/havp/havp_fscan.xml
new file mode 100644
index 00000000..f7548006
--- /dev/null
+++ b/config/havp/havp_fscan.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<packagegui>
+ <name>havpfscan</name>
+ <title>Antivirus: Files scanner</title>
+ <category>Status</category>
+ <version>none</version>
+ <include_file>/usr/local/pkg/havp.inc</include_file>
+
+ <tabs>
+ <tab>
+ <text>HTTP Proxy</text>
+ <url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Files Scanner</text>
+ <url>/pkg_edit.php?xml=havp_fscan.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=havp_avset.xml&amp;id=0</url>
+ </tab>
+ </tabs>
+
+ <fields>
+ <field>
+ <fielddescr>Scan file path</fielddescr>
+ <fieldname>scanfilepath</fieldname>
+ <description>
+ Enter file path or catalog for scanning. &lt;br&gt;
+ </description>
+ <type>input</type>
+ <size>90</size>
+ </field>
+<!--
+ <field>
+ <fielddescr>Files scan task</fielddescr>
+ <fieldname>havpavupdate</fieldname>
+ <description>
+ &lt;input name='submit' type='submit' value='Update_AV'&gt;
+ Press button for update AV database now.
+ </description>
+ <type>select</type>
+ <value>hv_none</value>
+ <options>
+ <option><name>none</name><value>hv_none</value></option>
+ <option><name>every 1 hours</name><value>hv_01h</value></option>
+ <option><name>every 2 hours</name><value>hv_02h</value></option>
+ <option><name>every 3 hours</name><value>hv_03h</value></option>
+ <option><name>every 4 hours</name><value>hv_04h</value></option>
+ <option><name>every 6 hours</name><value>hv_06h</value></option>
+ <option><name>every 8 hours</name><value>hv_08h</value></option>
+ <option><name>every 12 hours</name><value>hv_12h</value></option>
+ <option><name>every 24 hours</name><value>hv_24h</value></option>
+ </options>
+ </field>
+-->
+ </fields>
+
+ <custom_php_command_before_form>
+ havp_fscan_before_form(&amp;$pkg);
+ </custom_php_command_before_form>
+ <custom_php_validation_command>
+ havp_validate_settings($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ </custom_php_deinstall_command>
+</packagegui> \ No newline at end of file
diff --git a/config/igmpproxy/filter.tmp b/config/igmpproxy/filter.tmp
new file mode 100644
index 00000000..fa79ac54
--- /dev/null
+++ b/config/igmpproxy/filter.tmp
@@ -0,0 +1,3312 @@
+<?php
+/* $Id: filter.inc,v 1.575.2.368.2.65 2008/01/31 06:19:51 sullrich Exp $ */
+/*
+ filter.inc
+ Copyright (C) 2004-2006 Scott Ullrich
+ Copyright (C) 2005 Bill Marquette
+ Copyright (C) 2006 Peter Allgeyer
+ All rights reserved.
+
+ originally part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+/* include all configuration functions */
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("notices.inc");
+
+if($config['system']['shapertype'] <> "m0n0")
+ require_once ("shaper.inc");
+
+/* holds the items that will be executed *AFTER* the filter is fully loaded */
+$after_filter_configure_run = array();
+
+function filter_pflog_start() {
+ global $config, $g;
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_pflog_start() being called $mt\n";
+ }
+
+ mute_kernel_msgs();
+
+ $pid = `ps awwwux | grep -v "grep" | grep "tcpdump -v -l -n -e -ttt -i pflog0" | awk '{ print $2 }'`;
+ if(!$pid)
+ mwexec_bg("/usr/sbin/tcpdump -v -l -n -e -ttt -i pflog0 | logger -t pf -p local0.info");
+
+ unmute_kernel_msgs();
+
+}
+
+/* reload filter async */
+function filter_configure() {
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_configure() being called $mt\n";
+ }
+ global $g;
+
+ touch($g['tmp_path'] . "/filter_dirty");
+}
+
+/* reload filter sync */
+function filter_configure_sync() {
+ global $config, $g, $after_filter_configure_run;
+ filter_pflog_start();
+ update_filter_reload_status("Initializing");
+ /* invalidate interface cache */
+ get_interface_arr(true);
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_configure_sync() being called $mt\n";
+ }
+
+ /* load ipfw / dummynet early on if required */
+ if($config['system']['dummynetshaper']) {
+ $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
+ if($status == "0") {
+ mwexec("/sbin/kldload ipfw");
+ mwexec("/sbin/kldload dummynet");
+ }
+ } else {
+ /* check to see if any rules reference a schedule
+ * and if so load ipfw for later usage.
+ */
+ foreach($config['filter']['rule'] as $rule) {
+ if($rule['sched'])
+ $time_based_rules = true;
+ }
+ if($time_based_rules == true) {
+ $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
+ if($status == "0") {
+ mute_kernel_msgs();
+ mwexec("/sbin/kldload ipfw");
+ unmute_kernel_msgs();
+ }
+ exec("/sbin/ipfw delete set 9");
+ exec("/sbin/ipfw delete 2");
+ exec("/sbin/ipfw delete 3");
+ }
+ }
+
+ $lan_if = $config['interfaces']['lan']['if'];
+ $wan_if = get_real_wan_interface();
+
+ /* generate aliases */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Creating aliases");
+ $aliases = filter_generate_aliases();
+ /* generate nat rules */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Generating NAT rules");
+ $natrules = filter_nat_rules_generate();
+ /* generate pfctl rules */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Generating filter rules");
+ $pfrules = filter_rules_generate();
+
+ if (isset($config['shaper']['enable']) and $config['system']['shapertype'] <> "m0n0") {
+ /* generate altq interface setup parms */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Generating ALTQ interfaces");
+ $altq_ints = filter_setup_altq_interfaces();
+ /* generate altq queues */
+ if($g['booting'] == true) echo ".";
+ update_filter_reload_status("Generating ALTQ queues");
+ $altq_queues = filter_generate_altq_queues($altq_ints);
+ /* generate altq rules */
+ if($g['booting'] == true) echo ".";
+ /* Setup a default rule that tags ALL packets as unshaped
+ * we'll match only unshaped packets in the shaper code later
+ * this allows the shaper to be first match
+ */
+ $pf_altq_rules = "block in all tag unshaped label \"SHAPER: first match rule\"\n";
+ update_filter_reload_status("Generating ALTQ rules");
+ $pf_altq_rules .= filter_generate_pf_altq_rules();
+ }
+
+ update_filter_reload_status("Loading filter rules");
+
+ /* enable pf if we need to, otherwise disable */
+ if (!isset ($config['system']['disablefilter'])) {
+ mwexec("/sbin/pfctl -e");
+ } else {
+ mwexec("/sbin/pfctl -d");
+ unlink_if_exists("{$g['tmp_path']}/filter_loading");
+ update_filter_reload_status("Filter is disabled. Not loading rules.");
+ return;
+ }
+
+ $fd = fopen("{$g['tmp_path']}/rules.debug", "w");
+ $rules = $aliases . " \n";
+
+ update_filter_reload_status("Setting up logging information");
+
+ $rules .= setup_logging_interfaces();
+
+ if ($config['system']['optimization'] <> "")
+ $rules .= "set optimization {$config['system']['optimization']}\n";
+ else
+ $rules .= "set optimization normal\n";
+
+ if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
+ /* User defined maximum states in Advanced menu. */
+ $rules .= "set limit states {$config['system']['maximumstates']}\n";
+ }
+ $rules .= "\n";
+
+ update_filter_reload_status("Setting up SCRUB information");
+ /* get our wan interface? */
+ $wanif = get_real_wan_interface();
+
+ /* disable scrub option */
+ if(!isset($config['system']['disablescrub'])) {
+ /* set up MSS clamping */
+ if ($config['interfaces']['wan']['mtu'] <> "" and is_numeric($config['interfaces']['wan']['mtu']))
+ $mssclamp = "max-mss " . (intval($config['interfaces']['wan']['mtu'] - 40));
+ else
+ if ($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $mssclamp = "max-mss 1452";
+ else
+ $mssclamp = "";
+
+ /* configure no-df for linux nfs and others */
+ if ($config['system']['scrubnodf'])
+ $scrubnodf = "no-df random-id";
+ else
+ $scrubnodf = "random-id";
+ $rules .= "scrub all {$scrubnodf} {$mssclamp} fragment reassemble\n"; // reassemble all directions
+ } else if ($config['interfaces']['wan']['mtu'] <> "" and is_numeric($config['interfaces']['wan']['mtu'])) {
+ $rules .= "scrub {$mssclamp}\n"; // reassemble all directions
+ }
+
+ if($config['system']['shapertype'] <> "m0n0") {
+ $rules.= "{$altq_ints}\n";
+ $rules.= "{$altq_queues}\n";
+ }
+ $rules.= "{$natrules}\n";
+ if($config['system']['shapertype'] <> "m0n0")
+ $rules.= "{$pf_altq_rules}\n";
+ $rules.= "{$pfrules}\n";
+ fwrite($fd, $rules);
+ fclose($fd);
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "pfctl being called at $mt\n";
+ }
+ $rules_loading = mwexec("/sbin/pfctl -o -f {$g['tmp_path']}/rules.debug");
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "pfctl done at $mt\n";
+ }
+
+ /* check for a error while loading the rules file. if an error has occured
+ then output the contents of the error to the caller */
+ if($rules_loading <> 0) {
+ $rules_error = exec_command("/sbin/pfctl -f {$g['tmp_path']}/rules.debug");
+ $line_error = split("\:", $rules_error);
+ $line_number = $line_error[1];
+ $rules_file = `/bin/cat {$g['tmp_path']}/rules.debug`;
+ $line_split = split("\n", $rules_file);
+ if(is_array($line_split))
+ $line_error = "The line in question reads [{$line_number}]: {$line_split[$line_number-1]}";
+ if($line_error and $line_number) {
+ file_notice("filter_load", "There were error(s) loading the rules: {$rules_error} {$line_error}", "Filter Reload", "");
+ log_error("There were error(s) loading the rules: {$rules_error} - {$line_error}");
+ update_filter_reload_status("There were error(s) loading the rules: {$rules_error} - {$line_error}");
+ return;
+ }
+ }
+
+ unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php");
+
+ /* run items scheduled for after filter configure run */
+ foreach($after_filter_configure_run as $afcr) {
+ $fda = fopen("/tmp/commands.txt", "w");
+ fwrite($fda, $afcr . "\n");
+ fclose($fda);
+ }
+ if(file_exists("/tmp/commands.txt")) {
+ mwexec("sh /tmp/commands.txt &");
+ unlink("/tmp/commands.txt");
+ }
+
+ update_filter_reload_status("Running plugins");
+
+ /* process packager manager custom rules */
+ $files = return_dir_as_array("/usr/local/pkg/pf/");
+ if($files <> "") {
+ foreach ($files as $file) {
+ if($file) {
+ $text = file_get_contents("/usr/local/pkg/pf/" . $file);
+ if($text) {
+ if(stristr($file, ".sh") == true) {
+ mwexec("/usr/local/pkg/pf/" . $file . " start");
+ } else {
+ if(!stristr($file,"CVS")) {
+ if($g['booting'] == true)
+ echo "\t{$file}... ";
+ require_once("/usr/local/pkg/pf/" . $file);
+ }
+ }
+ }
+ }
+ }
+ }
+ update_filter_reload_status("Plugins completed.");
+
+ system_start_ftp_helpers();
+
+ if($config['system']['shapertype'] == "m0n0") {
+ require_once ("/etc/inc/m0n0/shaper.inc");
+ shaper_configure();
+ }
+
+ /* if time based rules are enabled then swap in the set */
+ if($time_based_rules == true) {
+ tdr_install_cron(true);
+ tdr_install_set();
+ } else {
+ tdr_install_cron(false);
+ }
+
+ /*
+ we need a way to let a user run a shell cmd after each
+ filter_configure() call. run this xml command after
+ each change.
+ */
+ if($config['system']['afterfilterchangeshellcmd'] <> "")
+ mwexec($config['system']['afterfilterchangeshellcmd']);
+
+ /* sync carp entries to other firewalls */
+ update_filter_reload_status("Syncing CARP data");
+ carp_sync_client();
+
+ system_routing_configure();
+
+ update_filter_reload_status("Done");
+
+ return 0;
+}
+
+function filter_generate_aliases() {
+ global $config, $g;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_generate_aliases() being called $mt\n";
+ }
+ $aliases = "";
+
+ $i = 0;
+
+ $lanip = find_interface_ip($config['interfaces']['lan']['if']);
+ $wanip = find_interface_ip(get_real_wan_interface());
+
+ $lan_aliases = " " . link_ip_to_carp_interface($lanip);
+ $wan_aliases = " " . link_ip_to_carp_interface($wanip);
+
+ if(link_int_to_bridge_interface("lan"))
+ $lan_aliases .= " " . link_int_to_bridge_interface("lan");
+ if(link_int_to_bridge_interface("wan"))
+ $wan_aliases .= " " . link_int_to_bridge_interface("wan");
+
+ $aliases .= "# System Aliases \n";
+ $aliases .= "loopback = \"{ lo0 }\"\n";
+ $aliases .= "lan = \"{ {$config['interfaces']['lan']['if']}{$lan_aliases} }\"\n";
+
+ if($config['interfaces']['wan']['ipaddr'] == "pppoe" or $config['interfaces']['wan']['ipaddr'] == "pptp") {
+ $aliases .= "ng0 = \"{ " . $config['interfaces']['wan']['if'] . " " . get_real_wan_interface() . " }\" \n";
+ $aliases .= "wan = \"{ " . $config['interfaces']['wan']['if'] . "{$wan_aliases} ng0 }\"\n";
+ } else {
+ $aliases .= "wan = \"{ " . get_real_wan_interface() . "{$wan_aliases} }\"\n";
+ }
+
+ $aliases .= "enc0 = \"{ enc0 }\"\n";
+
+ /* used to count netgraph interfaces */
+ $counter = 0;
+
+ /* ng ordering is VERY important here. do not alter order */
+ if($config['pptpd']['mode'] == "server") {
+ /* build pptp alias */
+ $tmp = "pptp = \"{ ";
+ $starting_pptp = 1;
+ if($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $starting_pptp = 1;
+ for($x=$starting_pptp; $x<$g["n_pptp_units"]+$starting_pptp; $x++)
+ $tmp .= "ng{$x} ";
+ $counter = $x;
+ $tmp .= "}\" \n";
+ if($counter > 0)
+ $aliases .= $tmp;
+ }
+ if($config['pppoe']['mode'] == "server") {
+ /* build pppoe alias */
+ $tmp = "pppoe = \"{ ";
+ $starting_pppoe = 1;
+ if($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $starting_pppoe = 1;
+ for($x=0; $x<$g["n_pppoe_units"]+$starting_pppoe; $x++) {
+ $tmp .= "ng{$counter} ";
+ $counter++;
+ }
+ $tmp .= "}\" \n";
+ if($x > 0)
+ $aliases .= $tmp;
+ }
+
+ $ifdescrs = array();
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ }
+ $bridgetracker = 0;
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ /* do not process tun interfaces */
+ /* do process tun interfaces for openvpn compatibility */
+ /* if(stristr(filter_opt_interface_to_real($ifname), "tun") == true) continue; */
+ $aliases .= convert_friendly_interface_to_friendly_descr($ifname) . " = \"{ " . filter_opt_interface_to_real($ifname);
+ if(link_int_to_bridge_interface($ifname))
+ $aliases .= " " . link_int_to_bridge_interface($ifname);
+ $optip = find_interface_ip($config['interfaces'][$ifname]['if']);
+ if($optip) {
+ $opt_carp_ints = link_ip_to_carp_interface($optip);
+ if($opt_carp_ints)
+ $aliases .= $opt_carp_ints;
+ }
+ $aliases .= " }\"\n";
+ }
+ $aliases .= "# User Aliases \n";
+ /* Setup pf groups */
+ if (isset($config['aliases']['alias'])) {
+ foreach ($config['aliases']['alias'] as $alias) {
+ $extraalias = "";
+ $ip = find_interface_ip($alias['address']);
+ $extraalias = " " . link_ip_to_carp_interface($ip);
+ $aliases .= "{$alias['name']} = \"{ {$alias['address']}{$extralias} }\"\n";
+ }
+ }
+
+ return $aliases;
+}
+
+function get_vpns_list() {
+ global $config;
+ /* build list of vpns */
+ $vpns = "";
+ $isfirst = true;
+ /* ipsec */
+ if ($config['ipsec']['tunnel']) {
+ foreach ($config['ipsec']['tunnel'] as $tunnel) {
+ if ($isfirst == false)
+ $vpns .= " ";
+ $vpns .= $tunnel['remote-subnet'];
+ $isfirst = false;
+ }
+ }
+ /* openvpn */
+ foreach (array('client', 'server') as $type) {
+ $conf =& $config['installedpackages']["openvpn$type"]['config'];
+ if (!is_array($conf)) continue;
+ foreach ($conf as $tunnel) {
+ if ($isfirst == false)
+ $vpns .= " ";
+ $vpns .= $tunnel['remote_network'];
+ $isfirst = false;
+ }
+ }
+ /* pppoe */
+ if ($config['pppoe']['remoteip']) {
+ if ($isfirst == false)
+ $vpns .= " ";
+ $vpns .= $config['pppoe']['remoteip'] ."/". $config['pppoe']['pppoe_subnet'];
+ $isfirst = false;
+ }
+ $vpns .= " ";
+ return $vpns;
+}
+
+function generate_optcfg_array(& $optcfg) {
+ global $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "generate_optcfg_array() being called $mt\n";
+ }
+
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $oc = $config['interfaces']['opt' . $i];
+
+ if (isset($oc['enable']) && $oc['if']) {
+ $oic = array();
+ $oic['if'] = $oc['if'];
+
+ if ($oc['bridge']) {
+ if (!strstr($oc['bridge'], "opt") ||
+ isset($config['interfaces'][$oc['bridge']]['enable'])) {
+ if (is_ipaddr($config['interfaces'][$oc['bridge']]['ipaddr'])) {
+ $oic['ip'] = $config['interfaces'][$oc['bridge']]['ipaddr'];
+ $oic['sn'] = $config['interfaces'][$oc['bridge']]['subnet'];
+ $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
+ }
+ }
+ $oic['bridge'] = 1;
+ } else {
+ $oic['ip'] = $oc['ipaddr'];
+ $oic['sn'] = $oc['subnet'];
+ $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
+ }
+
+ $optcfg['opt' . $i] = $oic;
+ }
+ }
+}
+
+function filter_flush_nat_table() {
+ global $config, $g;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_flush_nat_table() being called $mt\n";
+ }
+ return mwexec("/sbin/pfctl -F nat");
+}
+
+function filter_flush_state_table() {
+ global $config, $g;
+
+ return mwexec("/sbin/pfctl -F state");
+}
+
+/* Generate a 'nat on' or 'no nat on' rule for given interface */
+function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false) {
+ global $config;
+
+ /* XXX: billm - any idea if this code is needed? */
+ if($src == "/32" || $src{0} == "/")
+ return;
+
+ /* Use interface name if IP isn't specified */
+ if ($natip != "")
+ $tgt = "{$natip}/32";
+ else
+ $tgt = "($if)";
+
+ /* Add the hard set source port (useful for ISAKMP) */
+ if ($natport != "")
+ $tgt .= " port {$natport}";
+
+ /* sometimes this gets called with "" instead of a value */
+ if ($src == "")
+ $src = "any";
+
+ /* Match on this source port */
+ if ($srcport != "")
+ $src .= " port {$srcport}";
+
+ /* sometimes this gets called with "" instead of a value */
+ if ($dst == "")
+ $dst = "any";
+
+ /* Match on this dest port */
+ if ($dstport != "")
+ $dst .= " port {$dstport}";
+
+ /* Allow for negating NAT entries */
+ if ($nonat) {
+ $nat = "no nat";
+ $target = "";
+ } else {
+ $nat = "nat";
+ $target = "-> {$tgt}";
+ }
+
+ /* outgoing static-port option, hamachi, Grandstream, VOIP, etc */
+ if($staticnatport)
+ $staticnatport_txt = " static-port";
+ else
+ $staticnatport_txt = "";
+
+ $if_friendly = convert_real_interface_to_friendly_descr($if);
+
+ /* Put all the pieces together */
+ if($if_friendly)
+ $natrule = "{$nat} on \${$if_friendly} from {$src} to {$dst} {$target}{$staticnatport_txt}\n";
+
+ return $natrule;
+}
+
+function is_one_to_one_or_server_nat_rule($iptocheck) {
+ global $config, $target;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "is_one_to_one_or_server_nat_rule() being called $mt\n";
+ }
+
+ if($config['nat']['onetoone'] <> "")
+ foreach($config['nat']['onetoone'] as $onetoone) {
+ if(ip_in_subnet($iptocheck,$onetoone['internal']."/".$onetoone['subnet']) == true)
+ return true;
+ if($onetoone['internal'] == $target)
+ return true;
+ }
+
+ if($config['nat']['servernat'] <> "")
+ foreach($config['nat']['servernat'] as $onetoone) {
+ $int = explode("/", $onetoone['ipaddr']);
+ if(ip_in_subnet($iptocheck,$onetoone['ipaddr']."/".$onetoone['subnet']) == true)
+ return true;
+ if($onetoone['ipaddr'] == $target)
+ return true;
+ }
+
+ if($config['nat']['rule'] <> "")
+ foreach($config['nat']['rule'] as $onetoone) {
+ $int = explode("/", $onetoone['target']);
+ if(ip_in_subnet($iptocheck,$onetoone['target']."/".$onetoone['subnet']) == true)
+ return true;
+ if($onetoone['target'] == $target)
+ return true;
+ }
+
+ return FALSE;
+}
+
+function filter_nat_rules_generate() {
+ global $config, $g, $after_filter_configure_run;
+
+ $wancfg = $config['interfaces']['wan'];
+ $lancfg = $config['interfaces']['lan'];
+
+ $pptpdcfg = $config['pptpd'];
+ $pppoecfg = $config['pppoe'];
+ $wanif = get_real_wan_interface();
+
+ $lanif = $config['interfaces']['lan']['if'];
+ $lanip = $config['interfaces']['lan']['ipaddr'];
+
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+
+ $natrules .= "nat-anchor \"pftpx/*\"\n";
+
+ $natrules .= "nat-anchor \"natearly/*\"\n";
+ $natrules .= "nat-anchor \"natrules/*\"\n";
+
+ $natrules .= "# FTP proxy\n";
+ $natrules .= "rdr-anchor \"pftpx/*\"\n";
+
+ update_filter_reload_status("Creating 1:1 rules...");
+
+ /* any 1:1 mappings? */
+ if (is_array($config['nat']['onetoone'])) {
+ foreach ($config['nat']['onetoone'] as $natent) {
+ if (!is_numeric($natent['subnet']))
+ $sn = 32;
+ else
+ $sn = $natent['subnet'];
+
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$natent['interface']]['if'];
+
+ if($natif)
+ $natrules .= "binat on $natif from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n";
+ }
+ }
+
+ /* any 1:1 mappings? */
+ if (is_array($config['nat']['onetoone'])) {
+ $natrules .= "\n";
+ foreach ($config['nat']['onetoone'] as $natent) {
+ if (!is_numeric($natent['subnet']))
+ $sn = 32;
+ else
+ $sn = $natent['subnet'];
+
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$natent['interface']]['if'];
+
+ if($natent['interface'])
+ $natrules .= "binat on $natif from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n";
+ }
+ }
+
+ $natrules .= "\n# Outbound NAT rules\n";
+
+ /* outbound rules - advanced or standard */
+ if (isset($config['nat']['advancedoutbound']['enable'])) {
+ /* advanced outbound rules */
+ if (is_array($config['nat']['advancedoutbound']['rule'])) {
+ foreach ($config['nat']['advancedoutbound']['rule'] as $obent) {
+
+ update_filter_reload_status("Creating advanced outbound rule {$obent['descr']}");
+
+ $src = $obent['source']['network'];
+ if (isset($obent['destination']['not']) && !isset($obent['destination']['any']))
+ $dst = "!" . $obent['destination']['address'];
+ else
+ $dst = $obent['destination']['address'];
+
+
+ if (!$obent['interface'] || ($obent['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$obent['interface']]['if'];
+
+ $natrules .= filter_nat_rules_generate_if($natif,
+ $src,
+ $obent['sourceport'],
+ $dst,
+ $obent['dstport'],
+ $obent['target'],
+ $obent['natport'],
+ isset($obent['nonat']),
+ isset($obent['staticnatport'])
+ );
+ }
+ }
+ } else {
+ /* standard outbound rules (one for each interface) */
+ update_filter_reload_status("Creating outbound NAT rules");
+
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$lansa}/{$lancfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$lansa}/{$lancfg['subnet']}");
+
+ $optints = array();
+ generate_optcfg_array($optints);
+
+ /* generate lan nat mappings for opts with a gateway opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if (interface_has_gateway("$opt_interface")) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$lansa}/{$lancfg['subnet']}");
+ }
+ }
+
+ /* optional interfaces */
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ update_filter_reload_status("Creating outbound rules (opt{$i})");
+ $optcfg = $config['interfaces']['opt' . $i];
+
+ if ((isset ($optcfg['enable'])) && (!$optcfg['bridge']) && (!interface_has_gateway("opt{$i}"))) {
+ $optsa = gen_subnet($optcfg['ipaddr'], $optcfg['subnet']);
+
+ /* create outbound nat entries for primary wan */
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$optsa}/{$optcfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$optsa}/{$optcfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$optsa}/{$optcfg['subnet']}", null, "", null, null, null, isset($optcfg['nonat']));
+
+ /* create outbound nat entries for all opt wans */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if (interface_has_gateway("$opt_interface")) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$optsa}/{$optcfg['subnet']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$optsa}/{$optcfg['subnet']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$optsa}/{$optcfg['subnet']}", null, "", null, null, null, isset($optcfg['nonat']));
+ }
+ }
+ }
+ }
+
+ /* PPTP subnet */
+ if ($pptpdcfg['mode'] == "server") {
+ $pptp_subnet = $g['pptp_subnet'];
+ if($config['pptp']['pptp_subnet'] <> "")
+ $pptp_subnet = $config['pptp']['pptp_subnet'];
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}");
+
+ /* generate nat mappings for opts with a gateway opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if ((is_private_ip($pptpdcfg['remoteip'])) && (interface_has_gateway($opt_interface))) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}");
+ }
+ }
+ }
+
+ /* PPPoE subnet */
+ if ($pppoecfg['mode'] == "server") {
+ $pppoe_subnet = $g['pppoe_subnet'];
+ if($config['pppoe']['pppoe_subnet'] <> "")
+ $pppoe_subnet = $config['pppoe']['pppoe_subnet'];
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}");
+
+ /* generate nat mappings for opts with a gateway opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if ((is_private_ip($pppoecfg['remoteip'])) && (interface_has_gateway($opt_interface))) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}");
+ }
+ }
+ }
+
+ /* static routes */
+ if (is_array($config['staticroutes']['route'])) {
+ foreach ($config['staticroutes']['route'] as $route) {
+ $netip = explode("/", $route['network']);
+ if ((! interface_has_gateway($route['interface'])) && (is_private_ip($netip[0]))) {
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$route['network']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$route['network']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ "{$route['network']}", "", null);
+ }
+ /* generate nat mapping for static routes on opts */
+ foreach($optints as $oc) {
+ $opt_interface = $oc['if'];
+ if ((! interface_has_gateway($route['interface'])) && (is_private_ip($netip[0])) && (interface_has_gateway($opt_interface))) {
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$route['network']}", 500, "", 500, null, 500, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$route['network']}", 5060, "", 5060, null, 5060, false);
+ $natrules .= filter_nat_rules_generate_if($opt_interface,
+ "{$route['network']}", "", null);
+ }
+ }
+
+ }
+ }
+
+ }
+
+ $natrules .= "\n#SSH Lockout Table\n";
+ $natrules .= "table <sshlockout> persist\n\n";
+
+ /* is SPAMD insalled? */
+ if (is_package_installed("spamd") == 1) {
+ $natrules .= "\n# spam table \n";
+
+ $natrules .= "table <whitelist> persist\n";
+ $natrules .= "table <blacklist> persist\n";
+ $natrules .= "table <spamd> persist\n";
+ if(file_exists("/var/db/whitelist.txt"))
+ $natrules .= "table <spamd-white> persist file \"/var/db/whitelist.txt\"\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from <blacklist> to port smtp -> 127.0.0.1 port spamd\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from !<spamd-white> to port smtp -> 127.0.0.1 port spamd\n";
+ if($config['installedpackages']['spamdsettings']['config'])
+ foreach($config['installedpackages']['spamdsettings']['config'] as $ss)
+ $nextmta = $ss['nextmta'];
+ if($nextmta <> "") {
+ $natrules .= "rdr pass on {$wanif} proto tcp from <spamd-white> to port smtp -> {$nextmta} port smtp\n";
+ }
+ }
+
+ /* load balancer anchor */
+ $natrules .= "\n# Load balancing anchor - slbd updates\n";
+ $natrules .= "rdr-anchor \"slb\"\n";
+
+ update_filter_reload_status("Setting up FTP helper");
+
+ $natrules .= "\n# FTP Proxy/helper\n";
+ /* build an array of interfaces to work with */
+ $iflist = array("lan" => "LAN");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = "opt{$i}";
+ $interface_counter = 0;
+ $vpns_list = get_vpns_list();
+ /* prevent 1:1 ips from pftpx, they will be handled by ftp-sesame */
+ if($config['nat']['onetoone'])
+ foreach ($config['nat']['onetoone'] as $vipent)
+ $onetoone_list .= "{$vipent['internal']} ";
+ if($onetoone_list)
+ $natrules .= "table <onetoonelist> { $onetoone_list }\n";
+ if($vpns_list)
+ $natrules .= "table <vpns> { $vpns_list }\n";
+ /* loop through all interfaces and handle pftpx redirections */
+ foreach ($iflist as $ifent => $ifname) {
+ $ifname_lower = convert_friendly_interface_to_friendly_descr(strtolower($ifname));
+ $realif = convert_friendly_interface_to_real_interface_name(strtolower($ifname));
+ $int_ip = find_interface_ip($realif);
+ if(isset($config['interfaces'][strtolower($ifname)]['disableftpproxy'])) {
+ if($g['debug'])
+ log_error("Filter: FTP proxy disabled for interface {$ifname} - ignoring.");
+ $interface_counter++;
+ continue;
+ }
+ if(stristr($ifname, "opt")) {
+ if(!isset($config['interfaces'][$ifname]['enable'])) {
+ continue;
+ }
+ }
+ /* are we in routed mode? no source nat rules and not a outside interface? */
+ /* If we have advanced outbound nat we skip the FTP proxy, we use ftpsesame */
+ if((isset($config['nat']['advancedoutbound']['enable'])) && (! interface_has_gateway($ifname))) {
+ $sourcenat = 0;
+ /* we are using advanced outbound nat, are we in routing mode? */
+ $realif = convert_friendly_interface_to_real_interface_name($ifname);
+ /* if the interface address lies within a outbound NAT source network we should skip */
+ if(! empty($config['nat']['advancedoutbound']['rule'])) {
+ foreach($config['nat']['advancedoutbound']['rule'] as $natnetwork) {
+ if(ip_in_subnet($int_ip, $natnetwork['source']['network'])) {
+ /* if the interface address is matched in the AON Rule we need the ftp proxy */
+ $sourcenat++;
+ }
+ }
+ }
+ if($sourcenat == 0) {
+ if($g['debug'])
+ log_error("Filter: No AON rule matched for interface {$ifname} - not using the FTP proxy");
+ $interface_counter++;
+ continue;
+ } else {
+ if($g['debug'])
+ log_error("Filter: AON Rule matched for interface {$ifname} - using FTP proxy");
+ }
+ }
+ $tmp_port = 8021 + $interface_counter;
+ $tmp_interface = convert_friendly_interface_to_real_interface_name($ifname);
+ $ifname_lower = strtolower(convert_friendly_interface_to_friendly_descr($ifname));
+ $vpns = get_vpns_list();
+ /* if the user has defined, include the alias so that we do not redirect ftp
+ connections across the tunnels to pftpx */
+ $int_ip = find_interface_ip($tmp_interface);
+ /* if interface lacks an ip, dont setup a rdr for ftp. they are most likely on a bridged interface */
+ if($int_ip and $vpns_list)
+ if($ifname_lower) {
+ $natrules .= "no rdr on $tmp_interface proto tcp from any to <vpns> port 21\n";
+ if($onetoone_list)
+ $natrules .= "no rdr on $tmp_interface proto tcp from <onetoonelist> to any port 21\n";
+ }
+ if($ifname_lower)
+ $natrules .= "rdr on $tmp_interface proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n";
+ $interface_counter++;
+ }
+ $natrules .= "\n";
+
+ /* DIAG: add ipv6 NAT, if requested */
+ if (isset($config['diag']['ipv6nat']['enable']) and $config['diag']['ipv6nat']['ipaddr'] <> "") {
+ /* XXX: FIX ME! IPV6 */
+ $natrules .= "rdr on \$wan proto ipv6 from any to any -> {$config['diag']['ipv6nat']['ipaddr']}\n";
+ }
+
+ if(file_exists("/var/etc/inetd.conf"))
+ mwexec("rm /var/etc/inetd.conf");
+ touch("/var/etc/inetd.conf");
+
+ if (isset($config['nat']['rule'])) {
+ $natrules .= "# NAT Inbound Redirects\n";
+
+ if(!isset($config['system']['disablenatreflection'])) {
+ $inetd_fd = fopen("/var/etc/inetd.conf","w");
+ /* start redirects on port 19000 of localhost */
+ $starting_localhost_port = 19000;
+ }
+
+ foreach ($config['nat']['rule'] as $rule) {
+
+ update_filter_reload_status("Creating NAT rule {$rule['descr']}");
+
+ /* if item is an alias, expand */
+ $extport = "";
+ unset($extport);
+ if(alias_expand($rule['external-port']))
+ $extport[0] = alias_expand_value($rule['external-port']);
+ else
+ $extport = explode("-", $rule['external-port']);
+
+ /* if item is an alias, expand */
+ if(alias_expand($rule['local-port']))
+ $localport = "";
+ else
+ $localport = " port {$rule['local-port']}";
+
+ $target = alias_expand_host($rule['target']);
+
+ if (!$target) {
+ $natrules .= "# Unresolvable alias {$rule['target']}\n";
+ continue; /* unresolvable alias */
+ }
+
+ # use tables for aliases in rdr
+ if (!is_ipaddr($target)) {
+ $natrules .= "table <{$rule['target']}> { $target }\n";
+ $target = "<{$rule['target']}>";
+ }
+
+ if ($rule['external-address'])
+ if($rule['external-address'] <> "any")
+ $extaddr = $rule['external-address'] . "/32";
+ else
+ $extaddr = $rule['external-address'];
+ else
+ $extaddr = get_current_wan_address($rule['interface']);
+
+ if (!$rule['interface'] || ($rule['interface'] == "wan"))
+ $natif = $wanif;
+ else if($rule['interface'] == "\$pptp")
+ $natif = "pptp";
+ else if($rule['interface'] == "\$pppoe")
+ $natif = "pppoe";
+ else
+ $natif = $config['interfaces'][$rule['interface']]['if'];
+
+ $lanif = $lancfg['if'];
+
+ /*
+ * Expand aliases
+ * XXX: may want to integrate this into pf macros
+ */
+ if(alias_expand($target))
+ $target = alias_expand($target);
+ if(alias_expand($extaddr))
+ $extaddr = alias_expand($extaddr);
+
+ /*
+ * If FTP Proxy Helper is enabled and the
+ * operator has requested a port forward to
+ * a ftp server then launch a helper
+ */
+ $dontinstallrdr = false;
+ if($target <> "") {
+ $external_address = $rule['external-address'];
+ if($extport[0] == "21" and !isset($config['interfaces'][strtolower($rule['interface'])]['disableftpproxy'])) {
+ $helpers = exec("/bin/ps awux | grep \"{$target} -b {$external_address}\" | grep -v grep");
+ if(!$helpers) {
+ if($external_address == "")
+ $external_address = find_interface_ip(get_real_wan_interface());
+ /* install a pftpx helper, do not set a rule. also use the delay filter configure run
+ * routines because if this is the first bootup the filter is not completely configured
+ * and thus pf is not fully running. otherwise we end up with: pftpx: pf is disabled
+ */
+ if(isset($config['shaper']['enable'])) {
+ if(isset($config['ezshaper']['step5']['p2pcatchall'])) {
+ $shaper_queue = "-q qP2PUp ";
+ } else {
+ $upq = "q" . convert_friendly_interface_to_friendly_descr($config['ezshaper']['step2']['outside_int']);
+ $shaper_queue = "-q {$upq}def ";
+ }
+ } else {
+ $shaper_queue = "";
+ }
+ $after_filter_configure_run[] = "/usr/local/sbin/pftpx {$shaper_queue}-f {$target} -b {$external_address} -c 21 -g 21";
+ }
+ $dontinstallrdr = true;
+ }
+ }
+
+ if($extaddr == "")
+ $dontinstallrdr = true;
+
+ $rdr_on = convert_real_interface_to_friendly_descr($rule['interface']);
+
+ if($dontinstallrdr == false) {
+ /* is rule a port range? */
+ if ((!$extport[1]) || ($extport[0] == $extport[1])) {
+
+ switch ($rule['protocol']) {
+ case "tcp/udp":
+ if($natif) {
+ if($rule['external-port'] <> $rule['local-port'])
+ $natrules .= "{$nordr}rdr on $natif proto { tcp udp } from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}";
+ else
+ $natrules .= "{$nordr}rdr on $natif proto { tcp udp } from any to {$extaddr} port { {$extport[0]} } -> {$target}";
+ }
+ break;
+ case "udp":
+ case "tcp":
+ if($extport[0])
+ if($natif) {
+ if($rule['external-port'] <> $rule['local-port'])
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}";
+ else
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port { {$extport[0]} } -> {$target}";
+ }
+ else
+ if($natif)
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}{$localport}";
+ break;
+ default:
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}";
+ break;
+ }
+ } else {
+ switch ($rule['protocol']) {
+ case "tcp/udp":
+ if($natif)
+ $natrules .= "{$nordr}rdr on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target}{$localport}:*";
+ break;
+ case "udp":
+ case "tcp":
+ if($natif)
+ $natrules .= "{$nordr}rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target}{$localport}:*";
+ break;
+ default:
+ if($natif)
+ $natrules .= "{$nordr}rdr on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}";
+ }
+ }
+ }
+
+ /* does this rule redirect back to a internal host?
+ * if so, add some extra goo to help this work.
+ */
+ $rule_friendly_if = convert_friendly_interface_to_real_interface_name($rule['interface']);
+ $rule_interface_ip = find_interface_ip($rule_friendly_if);
+ $rule_interface_subnet = $config['interfaces'][$rule['interface']]['subnet'];
+ $rule_subnet = gen_subnet($rule_interface_ip, $rule_interface_subnet);
+ if($rule['external-address'] == "any" and $rule['interface'] == "lan") {
+ $natrules .= "\n";
+ if($rule_friendly_if)
+ $natrules .= "no nat on {$rule_friendly_if} proto tcp from {$rule_friendly_if} to {$rule_subnet}/{$rule_interface_subnet}\n";
+ if($rule_friendly_if)
+ $natrules .= "nat on {$rule_friendly_if} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$extport[0]} -> {$rule_friendly_if}\n";
+ }
+
+ if(!isset($config['system']['disablenatreflection'])) {
+
+ update_filter_reload_status("Setting up reflection");
+
+ $natrules .= "\n# Reflection redirects\n";
+ foreach ($iflist as $ifent => $ifname) {
+
+ /* do not process interfaces with gateways*/
+ if($config['interfaces'][$ifname]['gateway'] <> "")
+ continue;
+
+ /* do not process interfaces that will end up with gateways */
+ if($config['interfaces'][$ifname]['ipaddr'] == "dhcp" or
+ $config['interfaces'][$ifname]['ipaddr'] == "bigpond" or
+ $config['interfaces'][$ifname]['ipaddr'] == "pppoe" or
+ $config['interfaces'][$ifname]['ipaddr'] == "pptp")
+ continue;
+
+ $ifname_real = convert_friendly_interface_to_real_interface_name($ifname);
+
+ if($extport[1])
+ $range_end = ($extport[1]);
+ else
+ $range_end = ($extport[0]);
+
+ $range_end++;
+
+ if($rule['local-port'])
+ $lrange_start = $rule['local-port'];
+
+ if($range_end - $extport[0] > 500) {
+ $range_end = $extport[0]+1;
+ log_error("Not installing nat reflection rules for a port range > 500");
+ } else {
+ /* only install reflection rules for < 19991 items */
+ if($starting_localhost_port < 19991) {
+ $loc_pt = $lrange_start;
+ for($x=$extport[0]; $x<$range_end; $x++) {
+
+ $xxx = $x;
+
+ /* do not install reflection rules for FTP. This simply
+ * opens up pandoras box.
+ */
+ if($xxx == "21")
+ continue;
+
+ update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");
+
+ $ifname_real = convert_friendly_interface_to_friendly_descr(strtolower($ifname));
+
+ if($config['system']['reflectiontimeout'])
+ $reflectiontimeout = $config['system']['reflectiontimeout'];
+ else
+ $reflectiontimeout = "2000";
+
+ switch($rule['protocol']) {
+
+ case "tcp/udp":
+ $protocol = "{ tcp udp }";
+ $toadd_array = array();
+ if(is_alias($loc_pt)) {
+ $loc_pt_translated = alias_expand_value($loc_pt);
+ if(stristr($loc_pt_translated, " ")) {
+ /* XXX: we should deal with multiple ports */
+ $loc_pt_translated_split = split(" ", $loc_pt_translated);
+ foreach($loc_pt_translated_split as $lpts)
+ $toadd_array[] = $lpts;
+ } else {
+ $toadd_array[] = $loc_pt_translated;
+ }
+ } else {
+ $loc_pt_translated = $loc_pt;
+ $toadd_array[] = $loc_pt_translated;
+ }
+ foreach($toadd_array as $tda){
+ fwrite($inetd_fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -u -w {$reflectiontimeout} {$target} {$tda}\n");
+ if($ifname_real)
+ $natrules .= "rdr on \${$ifname_real} proto tcp from any to {$extaddr} port { {$xxx} } -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $starting_localhost_port++;
+ fwrite($inetd_fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -w {$reflectiontimeout} {$target} {$tda}\n");
+ if($ifname_real)
+ $natrules .= "rdr on \${$ifname_real} proto udp from any to {$extaddr} port { {$xxx} } -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $xxx++;
+ $starting_localhost_port++;
+ }
+ break;
+ case "tcp":
+ case "udp":
+ $protocol = $rule['protocol'];
+ $toadd_array = array();
+ if(is_alias($loc_pt)) {
+ $loc_pt_translated = alias_expand_value($loc_pt);
+ if(stristr($loc_pt_translated, " ")) {
+ /* XXX: we should deal with multiple ports */
+ $loc_pt_translated_split = split(" ", $loc_pt_translated);
+ foreach($loc_pt_translated_split as $lpts)
+ $toadd_array[] = $lpts;
+ } else {
+ $toadd_array[] = $loc_pt_translated;
+ }
+ } else {
+ $loc_pt_translated = $loc_pt;
+ $toadd_array[] = $loc_pt_translated;
+ }
+ foreach($toadd_array as $tda){
+ if($protocol == "udp")
+ $dash_u = "-u ";
+ else
+ $dash_u = "";
+ if($config['system']['reflectiontimeout'])
+ $reflectiontimeout = $config['system']['reflectiontimeout'];
+ else
+ $reflectiontimeout = "20";
+ fwrite($inetd_fd, "{$starting_localhost_port}\tstream\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc nc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n");
+ if($ifname_real)
+ $natrules .= "rdr on \${$ifname_real} proto {$protocol} from any to {$extaddr} port { {$xxx} } -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $xxx++;
+ $starting_localhost_port++;
+ }
+ break;
+ default:
+ break;
+ }
+ $loc_pt++;
+ if($starting_localhost_port > 19990) {
+ log_error("Not installing nat reflection rules. Maximum 1,000 reached.");
+ $x = $range_end+1;
+ }
+ }
+ }
+ }
+
+ }
+
+ }
+
+ $natrules .= "\n";
+ }
+
+ if(!isset($config['system']['disablenatreflection'])) {
+ fclose($inetd_fd);
+ $helpers = trim(exec("/bin/ps ax | /usr/bin/grep inetd | /usr/bin/grep -v grep | /usr/bin/grep 127"));
+ if(!$helpers)
+ mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
+ else
+ mwexec("/usr/bin/killall -HUP inetd");
+
+ }
+ }
+
+ if ($pptpdcfg['mode'] && $pptpdcfg['mode'] != "off") {
+
+ if ($pptpdcfg['mode'] == "server")
+ $pptpdtarget = "127.0.0.1";
+ else if ($pptpdcfg['mode'] == "redir")
+ $pptpdtarget = $pptpdcfg['redir'];
+
+ if ($pptpdcfg['mode'] == "redir") {
+
+ $natrules .= <<<EOD
+
+# PPTP
+rdr on \$wan proto gre from any to any -> $pptpdtarget
+rdr on \$wan proto tcp from any to any port 1723 -> $pptpdtarget
+
+EOD;
+ }
+ }
+
+ if (is_package_installed('squid') && file_exists('/usr/local/pkg/squid.inc')) {
+ require_once('squid.inc');
+ $natrules .= squid_generate_rules('nat');
+ }
+
+ if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
+ require_once('clamav.inc');
+ $natrules .= clamav_generate_rules('nat');
+ }
+
+ if (is_package_installed('frickin') && file_exists('/usr/local/pkg/frickin.inc')) {
+ require_once ('frickin.inc');
+ $natrules .= frickin_generate_rules('nat');
+ }
+
+ if (is_package_installed('siproxd') && file_exists('/usr/local/pkg/sipproxd.inc')) {
+ require_once('sipproxd.inc');
+ $natrules .= siproxd_generate_rules('nat');
+ }
+
+ $natrules .= process_carp_nat_rules();
+
+ $natrules .= "# IMSpector rdr anchor\n";
+ $natrules .= "rdr-anchor \"imspector\"\n";
+
+ $natrules .= "# UPnPd rdr anchor\n";
+ $natrules .= "rdr-anchor \"miniupnpd\"\n";
+
+ return $natrules;
+}
+
+function run_command_return_string($cmd) {
+ global $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "generate_user_filter_rule() being called $mt\n";
+ }
+
+ $fd = popen($cmd, "r");
+ while(!feof($fd)) {
+ $tmp .= fread($fd,49);
+ }
+ fclose($fd);
+ return $tmp;
+}
+
+function generate_user_filter_rule_arr($rule, $ngcounter) {
+ global $config;
+ update_filter_reload_status("Creating filter rules {$rule['descr']} ...");
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "generate_user_filter_rule() being called $mt\n";
+ }
+ $ret = array();
+ $line = generate_user_filter_rule($rule, $ngcounter);
+ $ret['rule'] = $line;
+ $ret['interface'] = $rule['interface'];
+ if ($line[0] != '#') {
+ if($rule['descr'] != "" and $line != "")
+ $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', $rule['descr']) . "\"";
+ else
+ $ret['descr'] = "label \"USER_RULE\"";
+ }
+ $ret['ackq'] = get_ack_queue($rule['interface']);
+
+ return $ret;
+}
+
+function generate_user_filter_rule($rule, $ngcounter) {
+ global $config, $g;
+ global $table_cache;
+ global $schedule_enabled;
+
+ if($config['schedules']) {
+ foreach($config['schedules']['schedule'] as $sched) {
+ $schedule_enabled = true;
+ break;
+ }
+ }
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "generate_user_filter_rule() being called $mt\n";
+ }
+
+ /* Setup cache array if not already existing */
+ if (!isset($table_cache)) {
+ if ($g['debug'])
+ echo "Creating table cache\n";
+ $table_cache = array();
+ }
+
+ update_filter_reload_status("Creating filter rules {$rule['descr']} ...");
+
+ $wancfg = $config['interfaces']['wan'];
+ $lancfg = $config['interfaces']['lan'];
+ $pptpdcfg = $config['pptpd'];
+ $pppoecfg = $config['pppoe'];
+
+ $lanif = $lancfg['if'];
+ $wanif = get_real_wan_interface();
+
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ $int = "";
+
+ $optcfg = array();
+ generate_optcfg_array($optcfg);
+
+ $curwanip = get_current_wan_address();
+
+ /* don't include disabled rules */
+ if (isset($rule['disabled'])) {
+ return "# rule " . $rule['descr'] . " disabled ";
+ }
+
+ $pptpdcfg = $config['pptpd'];
+ $pppoecfg = $config['pppoe'];
+
+ if ($pptpdcfg['mode'] == "server") {
+ $pptpip = $pptpdcfg['localip'];
+ $pptpsa = $pptpdcfg['remoteip'];
+ $pptpsn = $g['pptp_subnet'];
+ if($config['pptp']['pptp_subnet'] <> "")
+ $pptpsn = $config['pptp']['pptp_subnet'];
+ }
+
+ if ($pppoecfg['mode'] == "server") {
+ $pppoeip = $pppoecfg['localip'];
+ $pppoesa = $pppoecfg['remoteip'];
+ $pppoesn = $g['pppoe_subnet'];
+ if($config['pppoe']['pppoe_subnet'] <> "")
+ $pppoesn = $config['pppoe']['pppoe_subnet'];
+ }
+
+ /* does the rule deal with a PPTP interface? */
+ if ($rule['interface'] == "pptp") {
+ if ($pptpdcfg['mode'] != "server")
+ return "";
+ $nif = $g['n_pptp_units'];
+ if($config['pptp']['n_pptp_units'] <> "")
+ $nif = $config['pptp']['n_pptp_units'];
+ $ispptp = true;
+ } else if($rule['interface'] == "pppoe") {
+ if ($pppoecfg['mode'] != "server") {
+ return " # Error creating pppoe rule";
+ }
+ $nif = $g['n_pppoe_units'];
+ if($config['pppoe']['n_pppoe_units'] <> "")
+ $nif = $config['pppoe']['n_pppoe_units'];
+ $ispppoe = true;
+ } else if(!isset($rule['interface'])) {
+ return '# Interface empty for rule: '.$rule['descr'];
+ } else {
+
+ /* Check to see if the interface is opt and in our opt list */
+ if (strstr($rule['interface'], "opt")) {
+ if (!array_key_exists($rule['interface'], $optcfg)) {
+ $item = "";
+ foreach($optcfg as $oc) $item .= $oc['if'];
+ return "# {$real_int} {$item} {$rule['interface']} array key does not exist for " . $rule['descr'];
+ }
+ }
+
+ $nif = 1;
+ $ispptp = false;
+ $ispppoe = false;
+ }
+
+ if ($pptpdcfg['mode'] != "server") {
+ if (($rule['source']['network'] == "pptp") ||
+ ($rule['destination']['network'] == "pptp")) {
+ return "# source network or destination network == pptp on " . $rule['descr'];
+ }
+ }
+
+ if ($rule['source']['network'] && strstr($rule['source']['network'], "opt")) {
+ if (!array_key_exists($rule['source']['network'], $optcfg)) {
+ $optmatch = "";
+ if(preg_match("/opt([0-999])/", $rule['source']['network'], $optmatch)) {
+ $real_opt_int = convert_friendly_interface_to_real_interface_name("opt" . $optmatch[1]);
+ $opt_ip = find_interface_ip($real_opt_int);
+ if(!$opt_ip)
+ return "# unresolvable optarray $real_opt_int - $optmatch[0] - $opt_ip";
+ } else {
+ return "# {$rule['source']['network']} !array_key_exists source network " . $rule['descr'];
+ }
+ }
+ }
+ if ($rule['destination']['network'] && strstr($rule['destination']['network'], "opt")) {
+ if (!array_key_exists($rule['destination']['network'], $optcfg)) {
+ if(preg_match("/opt([0-999])/", $rule['destination']['network'], $optmatch)) {
+ $real_opt_int = convert_friendly_interface_to_real_interface_name("opt" . $optmatch[1]);
+ $opt_ip = find_interface_ip($real_opt_int);
+ if(!$opt_ip)
+ return "# unresolvable oparray $real_opt_int - $optmatch[0] - $opt_ip";
+ } else {
+ return "# {$item} {$rule['destination']['network']} !array_key_exists dest network " . $rule['descr'];
+ }
+ }
+ }
+
+ /* check for unresolvable aliases */
+ if ($rule['source']['address'] && !alias_expand($rule['source']['address'])) {
+ file_notice("Filter_Reload", "# unresolvable source aliases {$rule['descr']}");
+ return "# unresolvable source aliases {$rule['descr']}";
+ }
+ if ($rule['destination']['address'] && !alias_expand($rule['destination']['address'])) {
+ file_notice("Filter_Reload", "# unresolvable dest aliases {$rule['descr']}");
+ return "# unresolvable dest aliases {$rule['descr']}";
+ }
+
+ $ifdescrs = array();
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $ifdescrs[] = "opt" . $i;
+
+ update_filter_reload_status("Setting up pass/block rules");
+
+ for ($iif = 0; $iif < $nif; $iif++) {
+
+ $type = $rule['type'];
+
+
+ if ($type != "pass" && $type != "block" && $type != "reject") {
+ /* default (for older rules) is pass */
+ $type = "pass";
+ }
+
+ if ($type == "reject") {
+ /* special reject packet */
+ if ($rule['protocol'] == "tcp") {
+ $aline['type'] = "block return-rst";
+ } else if ($rule['protocol'] == "udp") {
+ $aline['type'] = "block return-icmp";
+ } else if ($rule['protocol'] == "tcp/udp") {
+ $aline['type'] = "block return";
+ } else {
+ $aline['type'] = "block";
+ }
+ } else {
+ $aline['type'] = $type;
+ }
+
+ /* ensure the direction is in */
+ $aline['direction'] = " in ";
+
+ if (isset($rule['log']))
+ $aline['log'] = "log ";
+
+ $aline['quick'] = "quick ";
+
+ if ($ispptp) {
+ $aline['interface'] = "on \$pptp ";
+ } else if ($ispppoe) {
+ $aline['interface'] = "on \$pppoe ";
+ } else {
+ // translate wan, man, lan, opt to real interface.
+ $interface = $rule['interface'];
+ $temp = filter_get_opt_interface_descr($interface);
+ if($temp <> "") $interface = $temp;
+ if(isset($rule['destination']['address'])) {
+ $canadd = 0; // XXX: billm - eh? this is a nice little noop
+ /* because pf will not allow a interface for proxyARP
+ type traffic lets check if its in use and if so leave
+ off the interface */
+ if(is_one_to_one_or_server_nat_rule($rule['destination']['address']))
+ $canadd = 0;
+ }
+ if($canadd == 0)
+ $aline['interface'] = "on \$" . convert_real_interface_to_friendly_descr($rule['interface']) . " ";
+ }
+
+
+ /* set the gateway interface */
+ $ri = filter_translate_type_to_real_interface($rule['interface']);
+
+ update_filter_reload_status("Setting up pass/block rules {$rule['descr']}");
+
+ /*
+ * check to see if /tmp/{${ri}_router exists. This file
+ * is created by dhclient for 2nd wan interfaces, etc.
+ * else get gateway from the interface config
+ */
+ if(file_exists("{$g['tmp_path']}/{$ri}_router")) {
+ $rg = file_get_contents("{$g['tmp_path']}/{$ri}_router");
+ $rg = rtrim($rg);
+ } elseif ($config['interfaces'][$rule['interface']]['gateway'] <> "") {
+ $rg = $config['interfaces'][$rule['interface']]['gateway'];
+ }
+
+ /* do not process reply-to for gateway'd rules */
+ if(($rule['gateway'] == "") and ($ri != "") and ($rg != "") and (stristr($rule['interface'],"opt") == true)) {
+ $aline['reply'] = "reply-to (" . $ri . " " . $rg . ") ";
+ }
+
+ /* if user has selected a custom gateway, lets work with it */
+ if($rule['gateway'] <> "") {
+ $foundlb = 0;
+ $routeto = " route-to { ";
+ if(is_array($config['load_balancer']['lbpool'])) {
+ foreach($config['load_balancer']['lbpool'] as $lb) {
+ update_filter_reload_status("Creating load balancing item...");
+ if($lb['name'] == $rule['gateway']) {
+ $gateway = $rule['gateway'];
+ /*
+ * is $gateway a interface name?
+ * if so, lets find out the gateway address
+ * from /tmp/router_bleh.router
+ */
+ if(in_array($gateway, $ifdescrs)==true) {
+ if(is_file("{$g['tmp_path']}/{$gateway}_router")) {
+ $return_gateway = file_get_contents("{$g['tmp_path']}/{$gateway}_router");
+ } else {
+ log_error("Could not find {$g['tmp_path']}/{$gateway}_router. Needed for dhcp gateway information");
+ continue;
+ }
+ }
+ /* if /tmp/$lbname.pool exists then read in our gateway hints from slbd */
+ if(file_exists("{$g['tmp_path']}/{$lb['name']}.pool")) {
+ $lbs_tmp = split("\n", file_get_contents("{$g['tmp_path']}/{$lb['name']}.pool"));
+ $lbs = array();
+ /* process the entire file to prevent empty lines */
+ foreach($lbs_tmp as $lb_tmp) {
+ if(is_ipaddr($lb_tmp)) {
+ $lbs[] = $lb_tmp;
+ }
+ }
+ $lbs_count = count($lbs);
+ if($g['debug'])
+ log_error("We found $lbs_count valid entries in status file {$g['tmp_path']}/{$lb['name']}.pool");
+
+ if(count($lbs) == 0) {
+ if($g['debug'])
+ log_error("There are no servers found in the status file, using XML config settings!");
+ foreach ($lb['servers'] as $lbsvr) {
+ $lbsvr_split = split("\|", $lbsvr);
+ $lbs[] = $lbsvr_split[1];
+ }
+ }
+ } else {
+ if($g['debug'])
+ log_error("There is no server status file, using XML config settings!");
+ $lbs = array();
+ foreach ($lb['servers'] as $lbsvr) {
+ $lbsvr_split = split("\|", $lbsvr);
+ $lbs[] = $lbsvr_split[1];
+ }
+ }
+ /* If we want failover we only return the first (top) server from the list
+ * and work our way down from there. This way we order the failover order.
+ */
+ if($lb['behaviour'] == "failover") {
+ $firstsrv = $lbs[0];
+ $lbs = array("$firstsrv");
+ }
+
+ /* create server/gateway gateway/monitor array */
+ $l = 0;
+ $lbconfig = array();
+ foreach ($lb['servers'] as $lbsvr) {
+ $lbsvr_split=split("\|", $lbsvr);
+ $lbconfig['gateway'][$l] = $lbsvr_split[0];
+ $lbconfig['monitor'][$l] = $lbsvr_split[1];
+ $l++;
+ }
+ $lbconfig_count = count($lbconfig['gateway']);
+
+ $l = 0;
+ while($l < $lbconfig_count) {
+ /* iterate through $lbs and setup items accordingly */
+ foreach($lbs as $server) {
+ if ($server == "")
+ continue;
+ unset($gateway, $int);
+ if ($lbconfig['monitor'][$l] == $server) {
+ /* determine interface gateway */
+ if(is_ipaddr($lbconfig['gateway'][$l])) {
+ $int = guess_interface_from_ip($lbconfig['gateway'][$l]);
+ $gateway = $lbconfig['gateway'][$l];
+ log_error("SLBD pool {$lb['name']} is old style. Please recreate.");
+ } else if(interface_has_gateway($lbconfig['gateway'][$l])) {
+ $int = convert_friendly_interface_to_real_interface_name($lbconfig['gateway'][$l]);
+ $gateway = get_interface_gateway($lbconfig['gateway'][$l]);
+ }
+ if(($int <> "") && ($gateway <> "")) {
+ if($g['debug'])
+ log_error("Setting up route with {$lbconfig['gateway'][$l]} om $int for monitor {$lbconfig['monitor'][$l]} on gateway $gateway");
+ if($foundlb == 1)
+ $routeto .= ", ";
+ $routeto .= "( {$int} {$gateway} ) ";
+ $foundlb = 1;
+ }
+ /* we have a match, go forth and try the next LB item so we don't setup multiples incorrectly */
+ $l++;
+ continue;
+ }
+ }
+ $l++;
+ }
+ /* If we want failover just use route-to else round-robin */
+ if($lb['behaviour'] == "failover") {
+ $routeto .= "} ";
+ } else {
+ $routeto .= "} round-robin ";
+ if(isset($config['system']['lb_use_sticky']))
+ $routeto .= " sticky-address ";
+ }
+ }
+ }
+ /* Add the load balanced gateways */
+ if ($foundlb == 1)
+ $aline['route'] = $routeto;
+ }
+ /* we're not using load balancing, just setup gateway */
+ if($foundlb == 0) {
+ $gateway = $rule['gateway'];
+ /*
+ * is $gateway a interface name?
+ * if so, lets find out the gateway address
+ * from /tmp/router_bleh.router
+ */
+ if(in_array($gateway, $ifdescrs)==true) {
+ $int=filter_opt_interface_to_real($gateway);
+ if(is_file("{$g['tmp_path']}/{$int}_router")) {
+ $gatewayip = file_get_contents("{$g['tmp_path']}/{$int}_router");
+ $gatewayip = rtrim($gatewayip);
+ if (is_ipaddr($gatewayip)) {
+ $aline['route'] = " route-to ( {$int} {$gatewayip} ) ";
+ }
+ } else {
+ log_error("Could not find {$g['tmp_path']}/{$int}_router. Needed for dhcp gateway information");
+ continue;
+ }
+ } else {
+ /* user picked a real gateway ip */
+ if(is_ipaddr($rule['gateway'])) {
+ $gatewayip = $rule['gateway'];
+ $int = guess_interface_from_ip($gatewayip);
+ $aline['route'] = " route-to ( " . guess_interface_from_ip($rule['gateway']) . " {$rule['gateway']} ) ";
+ }
+ }
+ }
+ }
+
+ if (isset($rule['protocol'])) {
+ if($rule['protocol'] == "tcp/udp")
+ $aline['prot'] = "proto { tcp udp } ";
+ elseif($rule['protocol'] == "icmp")
+ $aline['prot'] = "inet proto icmp ";
+ else
+ $aline['prot'] = "proto {$rule['protocol']} ";
+ } else {
+ if($rule['source']['port'] <> "" || $rule['destination']['port'] <> "") {
+ $aline['prot'] = "proto tcp ";
+ }
+ }
+
+ update_filter_reload_status("Creating rule {$rule['descr']}");
+
+ /* source address */
+ if (isset($rule['source']['any'])) {
+ $src = "any";
+ } else if ($rule['source']['network']) {
+
+ if (strstr($rule['source']['network'], "opt")) {
+ $src = $optcfg[$rule['source']['network']]['sa'] . "/" .
+ $optcfg[$rule['source']['network']]['sn'];
+ if (isset($rule['source']['not'])) $src = " !{$src}";
+ /* check for opt$NUMip here */
+ $matches = "";
+ if (preg_match("/opt([0-9999])ip/", $rule['source']['network'], $matches)) {
+ $optnum = $matches[1];
+ $real_int = convert_friendly_interface_to_real_interface_name("opt{$optnum}");
+ $src = find_interface_ip($real_int);
+ }
+ } else {
+ switch ($rule['source']['network']) {
+ case 'wanip':
+ $src = $curwanip;
+ break;
+ case 'lanip':
+ $src = $lanip;
+ break;
+ case 'lan':
+ $src = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $src = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $src = "{$pppoesa}/{$pppoesn}";
+ break;
+ }
+ if (isset($rule['source']['not'])) $src = "!{$src}";
+ }
+ } else if ($rule['source']['address']) {
+ $expsrc = alias_expand($rule['source']['address']);
+
+ if (isset($rule['source']['not']))
+ $not = "!";
+ else
+ $not = "";
+
+ if (stristr($expsrc, "$")) {
+ if($not) {
+ $src = "{";
+ foreach(preg_split("/[\s]+/", alias_expand_value($rule['source']['address'])) as $item) {
+ if($item != "") {
+ $src .= " {$not}{$item}";
+ }
+ }
+ /* added support for tables */
+ $src .= " 0/0 }";
+ $src_table = "<not" . $rule['source']['address'] . ">";
+ }
+ else {
+ $src = "{ {$not} " . alias_expand_value($rule['source']['address']) . " } ";
+ $src_table = "<" . $rule['source']['address'] . ">";
+ }
+
+ /* support for tables */
+ $src_table_line = "table $src_table {$src}\n";
+ $src = $src_table;
+ }
+ else
+ $src = "{ {$not} {$expsrc} }";
+ }
+
+ if (!$src || ($src == "/")) {
+ return "# at the break!";
+ }
+
+ $aline['src'] = "from $src ";
+
+ if (in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
+
+ if ($rule['source']['port']) {
+ $srcport = explode("-", $rule['source']['port']);
+ if(alias_expand($srcport[0]))
+ $srcporta = alias_expand($srcport[0]);
+ else
+ $srcporta = $srcport[0];
+ if ((!$srcport[1]) || ($srcport[0] == $srcport[1])) {
+ if(alias_expand($srcport[0]))
+ $aline['srcport'] = "port {$srcporta} ";
+ else
+ $aline['srcport'] = "port = {$srcporta} ";
+ } else if (($srcport[0] == 1) && ($srcport[1] == 65535)) {
+ /* no need for a port statement here */
+ } else if ($srcport[1] == 65535) {
+ $aline['srcport'] = "port >= {$srcport[0]} ";
+ } else if ($srcport[0] == 1) {
+ $aline['srcport']= "port <= {$srcport[1]} ";
+ } else {
+ $srcport[0]--;
+ $srcport[1]++;
+ $aline['srcport'] = "port {$srcport[0]} >< {$srcport[1]} ";
+ }
+ }
+ /* OS signatures */
+ if (($rule['protocol'] == "tcp") && ($rule['os'] <> ""))
+ $aline['os'] = "os {$rule['os']} ";
+
+ }
+
+ /* destination address */
+ if (isset($rule['destination']['any'])) {
+ $dst = "any";
+ } else if ($rule['destination']['network']) {
+
+ if (strstr($rule['destination']['network'], "opt")) {
+ $dst = $optcfg[$rule['destination']['network']]['sa'] . "/" .
+ $optcfg[$rule['destination']['network']]['sn'];
+ /* check for opt$NUMip here */
+ $matches = "";
+ if (preg_match("/opt([0-9999])ip/", $rule['destination']['network'], $matches)) {
+ $optnum = $matches[1];
+ $real_int = convert_friendly_interface_to_real_interface_name("opt{$optnum}");
+ $dst = find_interface_ip($real_int);
+ }
+ if (isset($rule['destination']['not'])) $dst = " !{$dst}";
+ } else {
+ switch ($rule['destination']['network']) {
+ case 'wanip':
+ $dst = $curwanip;
+ break;
+ case 'lanip':
+ $dst = $lanip;
+ break;
+ case 'lan':
+ $dst = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $dst = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $dst = "{$ppoesa}/{$pppoesn}";
+ break;
+ }
+ if (isset($rule['destination']['not'])) $dst = " !{$dst}";
+ }
+ } else if ($rule['destination']['address']) {
+ $expdst = alias_expand($rule['destination']['address']);
+
+ if (isset($rule['destination']['not']))
+ $not = "!";
+ else
+ $not = "";
+
+ if (stristr($expdst, "$")) {
+ if($not) {
+ $dst = "{";
+ foreach(preg_split("/[\s]+/", alias_expand_value($rule['destination']['address'])) as $item) {
+ if($item != "") {
+ $dst .= " {$not}{$item}";
+ }
+ }
+ /* added support for tables */
+ $dst .= " 0/0 }";
+ $dst_table = "<not" . $rule['destination']['address'] . ">";
+ }
+ else {
+ $dst = "{ {$not} " . alias_expand_value($rule['destination']['address']) . " } ";
+ $dst_table = "<" . $rule['destination']['address'] . ">";
+ }
+
+ /* support for tables */
+ $dst_table_line = "table $dst_table {$dst}\n";
+ $dst = $dst_table;
+ }
+ else
+ $dst = "{ {$not} {$expdst} }";
+ }
+
+ if (!$dst || ($dst == "/")) {
+ return "# returning at dst $dst == \"/\"";
+ }
+
+ $aline['dst'] = "to $dst ";
+
+ if (in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
+
+ if ($rule['destination']['port']) {
+ $dstport = explode("-", $rule['destination']['port']);
+ if(alias_expand($dstport[0]))
+ $dstporta = alias_expand($dstport[0]);
+ else
+ $dstporta = $dstport[0];
+ if ((!$dstport[1]) || ($dstport[0] == $dstport[1])) {
+ if(alias_expand($dstport[0]))
+ $aline['dstport'] = "port {$dstporta} ";
+ else
+ $aline['dstport'] = "port = {$dstporta} ";
+ } else if (($dstport[0] == 1) && ($dstport[1] == 65535)) {
+ /* no need for a port statement here */
+ } else if ($dstport[1] == 65535) {
+ $aline['dstport'] = "port >= {$dstport[0]} ";
+ } else if ($dstport[0] == 1) {
+ $aline['dstport'] = "port <= {$dstport[1]} ";
+ } else {
+ $dstport[0]--;
+ $dstport[1]++;
+ $aline['dstport'] = "port {$dstport[0]} >< {$dstport[1]} ";
+ }
+ }
+ }
+
+ if (($rule['protocol'] == "icmp") && $rule['icmptype']) {
+ $aline['icmp-type'] = "icmp-type {$rule['icmptype']} ";
+ }
+
+ if ($type == "pass") {
+ if (isset($rule['allowopts']))
+ $aline['allowopts'] = " allow-opts ";
+ if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
+ if($rule['protocol'] == "tcp")
+ $aline['flags'] = "flags S/SA ";
+ /*
+ # keep state
+ works with TCP, UDP, and ICMP.
+ # modulate state
+ works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs)
+ for packets matching this rule.
+ # synproxy state
+ proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods.
+ This option includes the functionality of keep state and modulate state combined.
+ # none
+ do not use state mechanisms to keep track. this is only useful if your doing advanced
+ queueing in certain situations. please check the faq.
+ */
+ $noadvoptions = false;
+ if(isset($rule['statetype']) && $rule['statetype'] <> "") {
+ switch($rule['statetype']) {
+ case "none":
+ $noadvoptions = true;
+ break;
+ case "modulate state":
+ case "synproxy state":
+ if($rule['protocol'] == "tcp")
+ $aline['flags'] = "{$rule['statetype']} ";
+ break;
+ default:
+ $aline['flags'] = "{$rule['statetype']} ";
+ }
+ } else {
+ $aline['flags'] = "keep state ";
+ }
+ if($noadvoptions == false)
+ if( isset($rule['source-track']) and $rule['source-track'] <> "" or
+ isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "" or
+ isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "" or
+ isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "" or
+ isset($rule['max-src-states']) and $rule['max-src-states'] <> "" or
+ isset($rule['statetimeout']) and $rule['statetimeout'] <> "") {
+ $aline['flags'] .= "( ";
+ if(isset($rule['source-track']) and $rule['source-track'] <> "")
+ $aline['flags'] .= "source-track rule ";
+ if(isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "")
+ $aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " ";
+ if(isset($rule['max-src-states']) and $rule['max-src-states'] <> "")
+ $aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " ";
+ if(isset($rule['statetimeout']) and $rule['statetimeout'] <> "")
+ $aline['flags'] .= "tcp.established " . $rule['statetimeout'] . " ";
+ if(isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> ""
+ and isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "") {
+ $aline['flags'] .= "max-src-conn-rate " . $rule['max-src-conn-rate'] . " ";
+ $aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
+ }
+ $aline['flags'] .= " ) ";
+ }
+ }
+ if ($type == "reject" && $rule['protocol'] == "tcp") {
+ /* special reject packet */
+ $aline['flags'] .= "flags S/SA ";
+ }
+ }
+
+ /* cache entries */
+ if (isset($src_table))
+ if (isset($table_cache[$src_table])) {
+ if ($g['debug'])
+ echo "{$src_table} found in cache\n";
+ } else {
+ if ($g['debug'])
+ echo "{$src_table} NOT found in cache...adding\n";
+ $table_cache[$src_table] = $src_table_line;
+ }
+ if (isset($dst_table))
+ if (isset($table_cache[$dst_table])) {
+ if ($g['debug'])
+ echo "{$dst_table} found in cache\n";
+ } else {
+ if ($g['debug'])
+ echo "{$dst_table} NOT found in cache...adding\n";
+ $table_cache[$dst_table] = $dst_table_line;
+ }
+
+ /* exception(s) to a user rules can go here. */
+ /* rules with a gateway or pool should create another rule for routing to local networks or vpns */
+ /* we only trigger this for a rule with the destination of any and without a gateway */
+ if (($aline['route'] <> "") && ($aline['type'] == "pass") && ($dst == "any") && (! interface_has_gateway($aline['interface']))) {
+ /* negate VPN/PPTP/PPPoE networks for load balancer rules */
+ $vpns = " to <vpns> ";
+ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['prot'] .
+ $aline['src'] . $aline['srcport'] . $aline['os'] . $vpns . $aline['dstport'].
+ $aline['icmp-type'] . $aline['allowopts'] . $aline['flags'] .
+ " label \"NEGATE_ROUTE: Negate policy route for local network(s)\"\n";
+ }
+
+ /* piece together the actual user rule */
+ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['reply'] .
+ $aline['route'] . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['os'] . $aline['dst'] .
+ $aline['dstport'] . $aline['icmp-type'] . $aline['allowopts'] . $aline['flags'];
+
+ /* is a time based rule schedule attached? */
+ if($rule['sched']) {
+ if($config['schedules']) {
+ foreach($config['schedules']['schedule'] as $sched) {
+ if($sched['name'] == $rule['sched'])
+ $schedule_xml_block = $sched;
+ $schedule_enabled = true;
+ }
+ }
+ if($schedule_xml_block)
+ $status = get_time_based_rule_status($schedule_xml_block);
+ if($status) {
+ if($g['debug'])
+ log_error("[TDR DEBUG] status true -- rule type '$type'");
+ if($type == "block") {
+ // active deny rules should deny
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "deny");
+ tdr_install_rule($ipfw_rule);
+ } else {
+ // active allow rules should allow
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "allow");
+ tdr_install_rule($ipfw_rule);
+ }
+ return "$line";
+ } else {
+ /* rule is turned off, if type == pass, deny traffic until
+ * active else allow traffic until active
+ */
+ if($type == "pass") {
+ // inactive pass rules should deny
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "deny");
+ tdr_install_rule($ipfw_rule);
+ } else {
+ // inactive block rules should skipto
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "skipto");
+ tdr_install_rule($ipfw_rule);
+ }
+ return "# $line";
+ }
+ } else {
+ if($schedule_enabled) {
+ // no schedule allow rules should simply allow
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "allow");
+ tdr_install_rule($ipfw_rule);
+ }
+ return $line;
+ }
+}
+
+function filter_rules_generate() {
+ global $config, $g, $table_cache;
+
+ update_filter_reload_status("Creating default rules");
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_rules_generate() being called $mt\n";
+ }
+
+ $wancfg = $config['interfaces']['wan'];
+ $lancfg = $config['interfaces']['lan'];
+ $pptpdcfg = $config['pptpd'];
+ $pppoecfg = $config['pppoe'];
+
+ $lanif = $lancfg['if'];
+ $wanif = get_real_wan_interface();
+
+ $lanip = $lancfg['ipaddr'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
+
+ $wanip = find_interface_ip(get_real_wan_interface());
+
+ if($lansa)
+ $lansa_sn_combo = "{$lansa}/{$lansn}";
+ else
+ $lansa_sn_combo = "192.168.1.1/32";
+
+ /* optional interfaces */
+ $optcfg = array();
+ generate_optcfg_array($optcfg);
+
+ if (is_package_installed('squid') && file_exists('/usr/local/pkg/squid.inc')) {
+ require_once('squid.inc');
+ $ipfrules .= squid_generate_rules('filter');
+ }
+
+ if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
+ require_once('clamav.inc');
+ $ipfrules .= clamav_generate_rules('filter');
+ }
+
+ if (is_package_installed('clamav') && file_exists('/usr/local/pkg/clamav.inc')) {
+ require_once('clamav.inc');
+ $ipfrules .= clamav_generate_rules('filter');
+ }
+
+ if (is_package_installed('frickin') && file_exists('/usr/local/pkg/frickin.inc')) {
+ require_once ('frickin.inc');
+ $ipfrules .= frickin_generate_rules('filter');
+ }
+
+ if (is_package_installed('siproxd') && file_exists('/usr/local/pkg/sipproxd.inc')) {
+ require_once('sipproxd.inc');
+ $ipfrules .= siproxd_generate_rules('filter');
+ }
+
+ /* if captive portal is enabled, ensure that access to this port
+ * is allowed on a locked down interface
+ */
+ if (isset($config['captiveportal']['enable'])) {
+ $cp_interface = $config['captiveportal']['interface'];
+ $cp_interface_real = convert_friendly_interface_to_real_interface_name($cp_interface);
+ $cp_interface_ip = find_interface_ip($cp_interface_real);
+ if($cp_interface_ip and $cp_interface_real)
+ $ipfrules .= "pass in quick on {$cp_interface_real} proto tcp from any to {$cp_interface_ip} port { 8000 8001 } keep state\n";
+ }
+
+ /* ftp-sesame */
+ $ipfrules .= "anchor \"ftpsesame/*\" \n";
+
+ # BEGIN OF firewall rules
+ $ipfrules .= "anchor \"firewallrules\"\n";
+
+ if ($pptpdcfg['mode'] == "server") {
+ $pptpip = $pptpdcfg['localip'];
+ $pptpsa = $pptpdcfg['remoteip'];
+ $pptpsn = $g['pptp_subnet'];
+ if($config['pptp']['pptp_subnet'] <> "")
+ $pptpsn = $config['pptp']['pptp_subnet'];
+ }
+
+ if ($pppoecfg['mode'] == "server") {
+ $pppoeip = $pppoecfg['localip'];
+ $pppoesa = $pppoecfg['remoteip'];
+ $pppoesn = $g['pppoe_subnet'];
+ if($config['pppoe']['pppoe_subnet'] <> "")
+ $pppoesn = $config['pppoe']['pppoe_subnet'];
+ }
+
+ /* default block logging? */
+ if (!isset($config['syslog']['nologdefaultblock']))
+ $log = "log";
+ else
+ $log = "";
+
+ $ipfrules .= <<<EOD
+
+# We use the mighty pf, we cannot be fooled.
+block quick proto { tcp, udp } from any port = 0 to any
+block quick proto { tcp, udp } from any to any port = 0
+
+# snort2c
+table <snort2c> persist
+block quick from <snort2c> to any label "Block snort2c hosts"
+block quick from any to <snort2c> label "Block snort2c hosts"
+
+# loopback
+anchor "loopback"
+pass in quick on \$loopback all label "pass loopback"
+pass out quick on \$loopback all label "pass loopback"
+
+# package manager early specific hook
+anchor "packageearly"
+
+
+# carp
+anchor "carp"
+
+EOD;
+
+if($wanip)
+ $ipfrules .= <<<EOD
+
+# permit wan interface to ping out (ping_hosts.sh)
+pass quick proto icmp from {$wanip} to any keep state
+
+EOD;
+
+ $ipfrules .= <<<EOD
+
+# NAT Reflection rules
+
+EOD;
+
+ if (isset($config['nat']['rule'])) {
+ $natrules .= "# NAT Inbound Redirects\n";
+
+ if(!isset($config['system']['disablenatreflection'])) {
+ //$fd = fopen("/var/etc/inetd.conf","w");
+ /* start redirects on port 19000 of localhost */
+ $starting_localhost_port = 18999;
+ }
+
+ foreach ($config['nat']['rule'] as $rule) {
+
+ update_filter_reload_status("Creating NAT rule {$rule['descr']}");
+
+ /* if item is an alias, expand */
+ if(alias_expand($rule['external-port']))
+ $extport[0] = alias_expand_value($rule['external-port']);
+ else
+ $extport = explode("-", $rule['external-port']);
+
+ /* if item is an alias, expand */
+ if(alias_expand($rule['local-port']))
+ $localport = "";
+ else
+ $localport = " port {$rule['local-port']}";
+
+ $target = alias_expand_host($rule['target']);
+
+ if (!$target)
+ continue; /* unresolvable alias */
+
+ if ($rule['external-address'])
+ if($rule['external-address'] <> "any")
+ $extaddr = $rule['external-address'] . "/32";
+ else
+ $extaddr = $rule['external-address'];
+ else
+ $extaddr = get_current_wan_address($rule['interface']);
+
+ if (!$rule['interface'] || ($rule['interface'] == "wan"))
+ $natif = $wanif;
+ else if($rule['interface'] == "\$pptp")
+ $natif = "pptp";
+ else if($rule['interface'] == "\$pppoe")
+ $natif = "pppoe";
+ else
+ $natif = $config['interfaces'][$rule['interface']]['if'];
+
+ $lanif = $lancfg['if'];
+
+ /*
+ * Expand aliases
+ * XXX: may want to integrate this into pf macros
+ */
+ if(alias_expand($target))
+ $target = alias_expand($target);
+ if(alias_expand($extaddr))
+ $extaddr = alias_expand($extaddr);
+
+ if(!isset($config['system']['disablenatreflection'])) {
+
+ /* if list */
+ $iflist = array("lan" => "LAN");
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iflist['opt' . $i] = "opt{$i}";
+
+ foreach ($iflist as $ifent => $ifname) {
+
+ /* do not process interfaces with gateways*/
+ if($config['interfaces'][$ifname]['gateway'] <> "")
+ continue;
+
+ /* do not process interfaces that will end up with gateways */
+ if($config['interfaces'][$ifname]['ipaddr'] == "dhcp" or
+ $config['interfaces'][$ifname]['ipaddr'] == "bigpond" or
+ $config['interfaces'][$ifname]['ipaddr'] == "pppoe" or
+ $config['interfaces'][$ifname]['ipaddr'] == "pptp")
+
+ continue;
+
+ $ifname_real = convert_friendly_interface_to_real_interface_name($ifname);
+
+ if($extport[1])
+ $range_end = ($extport[1]);
+ else
+ $range_end = ($extport[0]);
+
+ $range_end++;
+
+ if($rule['local-port'])
+ $lrange_start = $rule['local-port'];
+
+ if($range_end - $extport[0] > 500) {
+ $range_end = $extport[0]+1;
+ log_error("Not installing nat reflection rules for a port range > 500");
+ } else {
+ /* only install reflection rules for < 19991 items */
+ if($starting_localhost_port < 19991) {
+ $loc_pt = $lrange_start;
+ for($x=$extport[0]; $x<$range_end; $x++) {
+
+ $starting_localhost_port++;
+ $ifname_real = convert_friendly_interface_to_friendly_descr(strtolower($ifname));
+
+ switch($rule['protocol']) {
+ case "tcp/udp":
+ $protocol = "{ tcp udp }";
+ $ipfrules .= "pass in quick on \${$ifname_real} inet proto tcp from any to \$loopback port {$starting_localhost_port} keep state label \"NAT REFLECT: Allow traffic to localhost\"\n";
+ $starting_localhost_port++;
+ $ipfrules .= "pass in quick on \${$ifname_real} inet proto udp from any to \$loopback port {$starting_localhost_port} keep state label \"NAT REFLECT: Allow traffic to localhost\"\n";
+ break;
+ case "tcp":
+ case "udp":
+ $protocol = $rule['protocol'];
+ $ipfrules .= "pass in quick on \${$ifname_real} inet proto {$rule['protocol']} from any to \$loopback port {$starting_localhost_port} keep state label \"NAT REFLECT: Allow traffic to localhost\"\n";
+ break;
+ default:
+ break;
+ }
+ $loc_pt++;
+ if($starting_localhost_port > 19990) {
+ log_error("Not installing nat reflection rules. Maximum 1,000 reached.");
+ $x = $range_end+1;
+ }
+ }
+ }
+ }
+ }
+
+ }
+ }
+ }
+
+ $ipfrules .= <<<EOD
+
+# allow access to DHCP server on LAN
+anchor "dhcpserverlan"
+pass in quick on \$lan proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN"
+pass in quick on \$lan proto udp from any port = 68 to $lanip port = 67 label "allow access to DHCP server on LAN"
+pass out quick on \$lan proto udp from $lanip port = 67 to any port = 68 label "allow access to DHCP server on LAN"
+
+EOD;
+
+ /* allow access to DHCP server on optional interfaces */
+ foreach ($optcfg as $on => $oc) {
+ if ($config[interfaces][$on][ipaddr] == "dhcp" ) {
+ $friendly_on = filter_get_opt_interface_descr($on);
+ $ipfrules .= <<<EOD
+
+# Not installing DHCP server firewall rules for $friendly_on which is configured for DHCP.
+
+EOD;
+ } elseif (isset($config['dhcpd'][$on]['enable']) && (!$oc['bridge']) ||
+ ($oc['bridge'] && isset($config['dhcpd'][$oc['bridge']]['enable']))) {
+
+ $friendly_on = filter_get_opt_interface_descr($on);
+
+ $ipfrules .= <<<EOD
+
+# allow access to DHCP server on {$on}
+anchor "dhcpserver{$friendly_on}"
+pass in quick on \${$friendly_on} proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server"
+pass in quick on \${$friendly_on} proto udp from any port = 68 to {$oc['ip']} port = 67 label "allow access to DHCP server"
+pass out quick on \${$friendly_on} proto udp from {$oc['ip']} port = 67 to any port = 68 label "allow access to DHCP server"
+
+EOD;
+ }
+ }
+
+ /* pass traffic between statically routed subnets and the subnet on the
+ interface in question to avoid problems with complicated routing
+ topologies */
+ $sa = "";
+ if (isset($config['filter']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
+ foreach ($config['staticroutes']['route'] as $route) {
+ unset($sa);
+ $friendly_int = convert_friendly_interface_to_friendly_descr($route['interface']);
+ if ($route['interface'] == "lan") {
+ $sa = $lansa;
+ $sn = $lansn;
+ $if = $lanif;
+ $friendly_int = "lan";
+ } else if (strstr($route['interface'], "opt")) {
+ $oc = $optcfg[$route['interface']];
+ if ($oc['ip']) {
+ $sa = $oc['sa'];
+ $sn = $oc['sn'];
+ $if = $oc['if'];
+ }
+ }
+
+ if ($sa) {
+ $ipfrules .= <<<EOD
+anchor "staticrouted"
+pass in quick on \${$friendly_int} from {$sa}/{$sn} to {$route['network']} label "pass traffic between statically routed subnets"
+pass in quick on \${$friendly_int} from {$route['network']} to {$sa}/{$sn} label "pass traffic between statically routed subnets"
+pass out quick on \${$friendly_int} from {$sa}/{$sn} to {$route['network']} label "pass traffic between statically routed subnets"
+pass out quick on \${$friendly_int} from {$route['network']} to {$sa}/{$sn} label "pass traffic between statically routed subnets"
+
+EOD;
+ }
+ }
+ }
+
+ /* install wan spoof check rule if lan address exists */
+ if($lansa) {
+ if(!isset($config['interfaces']['wan']['spoofmac'])) {
+ $ipfrules .= <<<EOD
+
+# WAN spoof check
+anchor "wanspoof"
+block in $log quick on \$wan from $lansa/$lansn to any label "WAN spoof check"
+
+EOD;
+
+ }
+ }
+
+ foreach ($optcfg as $oc) {
+ if (!$oc['bridge'])
+ if($oc['sa'] <> "")
+ if(isset($oc['enable']))
+ $ipfrules .= "block in $log quick on \$wan from {$oc['sa']}/{$oc['sn']} to any label \"interface spoof check\"\n";
+ }
+
+ /* allow PPTP traffic if PPTP client is enabled on WAN */
+ if ($wancfg['ipaddr'] == "pptp") {
+ $ipfrules .= <<<EOD
+
+# allow PPTP client
+anchor "pptpclient"
+pass in quick on \$wan proto gre from any to any modulate state label "allow PPTP client"
+pass in quick on \$wan proto gre from any to any modulate state label "allow PPTP client"
+pass in quick on \$wan proto tcp from any port = 1723 to any flags S/SA modulate state label "allow PPTP client"
+pass in quick on \$wan proto tcp from any to any port = 1723 flags S/SA modulate state label "allow PPTP client"
+
+EOD;
+ }
+
+ if ($wancfg['ipaddr'] == "dhcp") {
+
+ $ipfrules .= <<<EOD
+
+# allow our DHCP client out to the WAN
+anchor "wandhcp"
+pass out quick on \$wan proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan"
+
+EOD;
+ }
+
+if($config['interfaces']['lan']['bridge'] <> "wan" and $config['interfaces']['wan']['bridge'] <> "lan")
+ $ipfrules .= "block in $log quick on \$wan proto udp from any port = 67 to {$lansa_sn_combo} port = 68 label \"block dhcp client out wan\"\n";
+
+ $ipfrules .= <<<EOD
+
+pass in quick on \$wan proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan"
+
+# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
+
+EOD;
+
+ /* LAN spoof check */
+ $lanbridge = false;
+ foreach($config['interfaces'] as $int)
+ if($int['bridge'] == "lan")
+ $lanbridge = true;
+ if(!$lanbridge)
+ $ipfrules .= filter_rules_spoofcheck_generate('lan', $lanif, $lansa, $lansn, $log);
+ $wanbridge = false;
+ foreach($config['interfaces'] as $int)
+ if($int['bridge'] == "wan")
+ $lanbridge = true;
+ if($config['interfaces']['lan']['bridge'] == "wan")
+ $wanbridge = true;
+
+ /* OPT spoof check */
+ foreach ($optcfg as $on => $oc) {
+ $isbridged = false;
+ foreach ($optcfg as $on2 => $oc2) {
+ if ($oc2['bridge'] && $oc2['bridge'] == $on) {
+ $isbridged = true;
+ break;
+ }
+ }
+ if ($oc['ip'] && !(($oc['bridge'] || $isbridged) && isset($config['bridge']['filteringbridge'])))
+ $ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'], $oc['sa'], $oc['sn'], $log);
+ }
+
+ $ipfrules .= "\nanchor \"spoofing\"\n";
+
+ /* block private networks on WAN? */
+ if (isset($config['interfaces']['wan']['blockpriv'])) {
+ if($wanbridge == false) {
+ $ipfrules .= <<<EOD
+
+# block anything from private networks on WAN interface
+anchor "spoofing"
+antispoof for \$wan
+block in $log quick on \$wan from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
+block in $log quick on \$wan from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
+block in $log quick on \$wan from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
+block in $log quick on \$wan from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
+
+EOD;
+
+ }
+ }
+
+ /*
+ * Support for allow limiting of TCP connections by establishment rate
+ * Useful for protecting against sudden outburts, etc.
+ */
+ $ipfrules .= <<<EODF
+# Support for allow limiting of TCP connections by establishment rate
+anchor "limitingesr"
+table <virusprot>
+block in quick from <virusprot> to any label "virusprot overload table"
+
+EODF;
+
+ /* block bogon networks on WAN */
+ /* http://www.cymru.com/Documents/bogon-bn-nonagg.txt */
+ /* file is automatically in cron every 3000 minutes */
+ if (isset($config['interfaces']['wan']['blockbogons'])) {
+ $ipfrules .= <<<EOD
+
+# block bogon networks
+# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
+anchor "wanbogons"
+table <bogons> persist file "/etc/bogons"
+block in $log quick on \$wan from <bogons> to any label "block bogon networks from wan"
+
+EOD;
+ }
+
+if (!isset($config['shaper']['enable']) && !is_array($config['shaper']['queue']) and $config['system']['shapertype'] <> "m0n0") {
+
+ $ipfrules .= <<<EOD
+
+# let out anything from the firewall host itself and decrypted IPsec traffic
+pass out quick on \$lan proto icmp keep state label "let out anything from firewall host itself"
+pass out quick on \$wan proto icmp keep state label "let out anything from firewall host itself"
+pass out quick on $wanif all keep state label "let out anything from firewall host itself"
+
+EOD;
+
+}
+
+ $ipfrules .= create_firewall_outgoing_rules_to_itself();
+
+ /* group heads for optional interfaces */
+ foreach ($optcfg as $on => $oc) {
+ $ipfrules .= <<<EOD
+
+
+# let out anything from the firewall host itself and decrypted IPsec traffic
+pass out quick on {$oc['if']} proto icmp keep state label "let out anything from firewall host itself"
+pass out quick on {$oc['if']} all keep state label "let out anything from firewall host itself"
+
+EOD;
+
+ }
+
+ if($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $ipfrules .= <<<EOD
+# permit wan interface to ping out (ping_hosts.sh)
+pass out quick on ng0 proto icmp keep state label "let out anything from firewall host itself"
+
+EOD;
+
+ if (!isset($config['system']['webgui']['noantilockout'])) {
+
+ if($lansa and $lansn) {
+
+ $ipfrules .= <<<EOD
+
+# make sure the user cannot lock himself out of the webGUI or SSH
+anchor "anti-lockout"
+pass in quick on $lanif from any to $lanip keep state label "anti-lockout web rule"
+
+EOD;
+ }
+ }
+
+ /* PPTPd enabled? */
+ if ($pptpdcfg['mode'] && ($pptpdcfg['mode'] != "off")) {
+
+ if ($pptpdcfg['mode'] == "server")
+ $pptpdtarget = get_current_wan_address();
+ else
+ $pptpdtarget = $pptpdcfg['redir'];
+
+ if($pptpdtarget) {
+ $ipfrules .= <<<EOD
+
+# PPTPd rules
+anchor "pptp"
+pass in quick on \$wan proto gre from any to $pptpdtarget keep state label "allow gre pptpd"
+pass in quick on \$wan proto tcp from any to $pptpdtarget port = 1723 modulate state label "allow pptpd {$pptpdtarget}"
+
+EOD;
+
+ } else {
+ /* this shouldnt ever happen but instead of breaking the clients ruleset
+ * log an error.
+ */
+ log_error("ERROR! PPTP enabled but could not resolve the \$pptpdtarget");
+ }
+ }
+
+ /* BigPond client enabled? */
+ if ($wancfg['ipaddr'] == "bigpond") {
+
+ $ipfrules .= <<<EOD
+
+# BigPond heartbeat rules
+anchor "bigpond"
+pass in quick proto udp from any to any port = 5050 keep state label "BigPond heartbeat"
+
+# package manager late specific hook
+anchor "packagelate"
+
+
+
+EOD;
+ }
+
+ $ipfrules .= "\n# SSH lockout\n";
+ $ipfrules .= "block in log proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n";
+
+ $ipfrules .= "anchor \"ftpproxy\"\n";
+ $ipfrules .= "anchor \"pftpx/*\"\n";
+
+ $ipfrules .= process_carp_rules();
+
+ if (isset($config['filter']['rule'])) {
+ /* Pre-cache all our rules so we only have to generate them once */
+ $rule_arr = array();
+ foreach ($config['filter']['rule'] as $rule) {
+ update_filter_reload_status("Pre-caching {$rule['descr']}...");
+ $line = "";
+ if (!isset($rule['disabled'])) {
+ if ($rule['interface'] == "pptp") {
+ /* we have a pptp rule but its turned off, ignore */
+ if(!$config['pptpd']['mode'] == "server")
+ continue;
+ $n_pptp_units = $g['n_pptp_units'];
+ if($config['pptp']['n_pptp_units'] <> "")
+ $nif = $config['pptp']['n_pptp_units'];
+ /*
+ * now that PPTP server are user rules, detect
+ * that user is setting the pptp server rule
+ * and setup for all netgraph interfaces
+ */
+ $rule_arr[] = generate_user_filter_rule_arr($rule, 0);
+ } else if($rule['interface'] == "pppoe") {
+ if(!$config['pppoe']['mode'] == "server")
+ continue;
+ $n_pppoe_units = $g['n_pppoe_units'];
+ if($config['pppoe']['n_pppoe_units'] <> "")
+ $nif = $config['pppoe']['n_pppoe_units'];
+ /*
+ * now that pppoe server are user rules, detect
+ * that user is setting the pppoe server rule
+ * and setup for all netgraph interfaces
+ */
+ $rule_arr[] = generate_user_filter_rule_arr($rule, 0);
+ } else {
+ $rule_arr[] = generate_user_filter_rule_arr($rule, 0);
+ }
+ }
+ }
+
+ $ipfrules .= "\n# User-defined aliases follow\n";
+ /* tables for aliases */
+ foreach($table_cache as $table) {
+ $ipfrules .= $table;
+ }
+
+ /* Shaper rules */
+ if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue']) && isset($config['filter']['rule']) and $config['system']['shapertype'] <> "m0n0") {
+
+ $ipfrules .= "\n# Anchors for rules that might be matched by queues\n";
+
+ /* This is ugly, but we generate one anchor per queue */
+ foreach ($config['shaper']['queue'] as $queue) {
+ update_filter_reload_status("Creating filter anchor for {$queue['name']} ...");
+ /* Add anchor to rules */
+ $ipfrules .= "anchor {$queue['name']} tagged {$queue['name']}\n";
+ $ipfrules .= "load anchor {$queue['name']} from \"{$g['tmp_path']}/{$queue['name']}.rules\"\n";
+ /* Create rules for anchors */
+ $fd = fopen("{$g['tmp_path']}/{$queue['name']}.rules", "w");
+ /* aliases don't recurse to anchors */
+ $line = filter_generate_aliases();
+ fwrite($fd, $line);
+ foreach($rule_arr as $rule) {
+ if($rule['ackq'] != "")
+ $line = "{$rule['rule']} queue ({$queue['name']}, {$rule['ackq']}) {$rule['descr']}\n";
+ else
+ $line = "{$rule['rule']} queue {$queue['name']} {$rule['descr']}\n";
+ fwrite($fd, $line);
+ }
+ fclose($fd);
+ }
+ }
+
+ $ipfrules .= "\n# User-defined rules follow\n";
+ /* Generate user rule lines */
+ foreach($rule_arr as $rule) {
+ $line = "";
+ if (!isset($rule['disabled'])) {
+ $line = $rule['rule'];
+ if($line <> "") {
+ /* Add default queue if we're using the shaper */
+ if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue']) and $config['system']['shapertype'] <> "m0n0") {
+ $defq = find_default_queue($rule['interface']);
+ $ackq = $rule['ackq'];
+ if (($defq != "") and ($ackq != ""))
+ $line .= " queue ({$defq}, {$ackq}) ";
+ }
+ /* label */
+ $line .= " {$rule['descr']}";
+ }
+ }
+ $line .= "\n";
+ $ipfrules .= $line;
+ }
+ }
+
+ update_filter_reload_status("Creating carp rules...");
+
+ $ipfrules .= "\n# VPN Rules\n";
+ $lan_ip = $config['interfaces']['lan']['ipaddr'];
+ $lan_subnet = $config['interfaces']['lan']['subnet'];
+ $wanif = get_real_wan_interface();
+ $wan_ip = find_interface_ip($wanif);
+ if($wan_ip) {
+ $internal_subnet = gen_subnet($lan_ip, $lan_subnet) . "/" . $config['interfaces']['lan']['subnet'];
+ /* Is IP Compression enabled? */
+ if(isset($config['ipsec']['ipcomp']))
+ exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=1");
+ else
+ exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=0");
+
+ /* build an interface collection */
+ $ifdescrs = array ("wan");
+ for ($j = 1; isset ($config['interfaces']['opt' . $j]); $j++) {
+ if(isset($config['interfaces']['opt' . $j]['enable']))
+ $ifdescrs['opt' . $j] = filter_get_opt_interface_descr("opt" . $j);
+ }
+
+ if(is_array($config['ipsec']['tunnel']) && isset($config['ipsec']['enable'])) {
+ foreach ($config['ipsec']['tunnel'] as $tunnel) {
+ if(isset($tunnel['disabled']))
+ continue;
+ update_filter_reload_status("Creating IPSEC tunnel items {$tunnel['descr']}...");
+ /* if tunnel is disabled, lets skip to next item */
+ $ipsec_ips = array(get_current_wan_address($tunnel['interface']));
+ /* is this a dynamic dns hostname? */
+ $remote_gateway = gethostbyname($tunnel['remote-gateway']);
+ if($remote_gateway == "")
+ $remote_gateway = $tunnel['remote-gateway'];
+ /* do not add items with blank remote_gateway */
+ if(!$remote_gateway) {
+ $ipfrules .= "# ERROR! Remote gateway not found on {$tunnel['remote-gateway']}\n";
+ continue;
+ }
+ $local_subnet = return_vpn_subnet($tunnel['local-subnet']);
+ foreach($ifdescrs as $iface) {
+ foreach($ipsec_ips as $interface_ip) {
+ if($iface == "wan")
+ $interface_ip = find_interface_ip(get_real_wan_interface());
+ else
+ $interface_ip = find_interface_ip(convert_friendly_interface_to_real_interface_name($iface));
+ if(!$interface_ip)
+ continue;
+ if(!$remote_gateway)
+ continue;
+ $ipfrules .= "pass out quick on \${$iface} proto udp from any to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to any port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n";
+ if ($tunnel['p2']['protocol'] == 'esp') {
+ $ipfrules .= "pass out quick on \${$iface} proto esp from any to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound esp proto\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to any keep state label \"IPSEC: {$tunnel['descr']} - inbound esp proto\"\n";
+ }
+ if ($tunnel['p2']['protocol'] == 'ah') {
+ $ipfrules .= "pass out quick on \${$iface} proto ah from any to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound ah proto\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to any keep state label \"IPSEC: {$tunnel['descr']} - inbound ah proto\"\n";
+ }
+ }
+ }
+ }
+ }
+
+ /* is mobile ipsec enabled? if so lets allow some pretty
+ * loose rules to allow mobile clients to phone in.
+ */
+ $ipseccfg = $config['ipsec'];
+ if (isset($ipseccfg['mobileclients']['enable'])) {
+ foreach($ifdescrs as $iface) {
+ $ipfrules .= "pass in quick on \${$iface} proto udp from any to any port = 500 keep state label \"IPSEC: Mobile - inbound isakmp\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto esp from any to any keep state label \"IPSEC: Mobile - inbound esp proto\"\n";
+ $ipfrules .= "pass in quick on \${$iface} proto ah from any to any keep state label \"IPSEC: Mobile - inbound ah proto\"\n";
+ }
+ }
+ }
+ $ipfrules .= <<<EOD
+
+pass in quick on $lanif inet proto tcp from any to \$loopback port 8021 keep state label "FTP PROXY: Allow traffic to localhost"
+pass in quick on $lanif inet proto tcp from any to \$loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"
+pass in quick on $wanif inet proto tcp from port 20 to ($wanif) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
+
+EOD;
+
+ if(!isset($config['system']['disableftpproxy'])) {
+
+ $ipfrules .= "# enable ftp-proxy\n";
+
+ $optcfg = array();
+ generate_optcfg_array($optcfg);
+ $ftp_counter = "8022";
+ foreach($optcfg as $oc) {
+ if(!isset($oc['gateway']) && $oc['if'] <> "") {
+ $ipfrules .= "pass in quick on " . $oc['if'] . " inet proto tcp from any to \$loopback port {$ftp_counter} keep state label \"FTP PROXY: Allow traffic to localhost\"\n";
+ $ipfrules .= "pass in quick on " . $oc['if'] . " inet proto tcp from any to \$loopback port 21 keep state label \"FTP PROXY: Allow traffic to localhost\"\n";
+ }
+ $ftp_counter++;
+ }
+
+ if(isset($config['system']['rfc959workaround'])) {
+ $ipfrules .= <<<EODEOD
+
+# Fix sites that violate RFC 959 which specifies that the data connection
+# be sourced from the command port - 1 (typically port 20)
+# This workaround doesn't expose us to any extra risk as we'll still only allow
+# connections to the firewall on a port that ftp-proxy is listening on
+pass in quick on $wanif inet proto tcp from any to ($wanif) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround"
+
+EODEOD;
+
+ $optcfg = array();
+ generate_optcfg_array($optcfg);
+ foreach($optcfg as $oc) {
+ if($oc['gateway'] <> "")
+ $ipfrules .= "pass in quick on {$oc['if']} inet proto tcp from any to ({$oc['if']}) port > 49000 flags S/SA keep state label \"FTP PROXY: RFC959 violation workaround\" \n";
+ }
+ }
+ }
+
+ $ipfrules .= <<<EOD
+
+# IMSpector
+anchor "imspector"
+
+# uPnPd
+anchor "miniupnpd"
+
+#---------------------------------------------------------------------------
+# default rules (just to be sure)
+#---------------------------------------------------------------------------
+block in $log quick all label "Default block all just to be sure."
+block out $log quick all label "Default block all just to be sure."
+
+EOD;
+
+ return $ipfrules;
+}
+
+function filter_rules_spoofcheck_generate($ifname, $if, $sa, $sn, $log) {
+
+ global $g, $config;
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "filter_rules_spoofcheck_generate() being called $mt\n";
+ }
+
+ $ipfrules = "antispoof for {$if}\n";
+
+ return $ipfrules;
+
+}
+
+function setup_logging_interfaces() {
+ global $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "setup_logging_interfaces() being called $mt\n";
+ }
+ $rules = "";
+ $i = 0;
+ $ifdescrs = array('wan', 'lan');
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ }
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ /* do not work with tun interfaces */
+ if(stristr(filter_translate_type_to_real_interface($ifname), "tun") == true) continue;
+ $int = filter_translate_type_to_real_interface($ifname);
+ $rules .= "set loginterface {$int}\n";
+ }
+ return $rules;
+}
+
+function create_firewall_outgoing_rules_to_itself() {
+ global $config, $g;
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "create_firewall_outgoing_rules_to_itself() being called $mt\n";
+ }
+
+ $i = 0;
+ $rule .= "# pass traffic from firewall -> out\n";
+ $rule .= "anchor \"firewallout\"\n";
+ $ifdescrs = array('wan', 'lan');
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
+ $ifdescrs['opt' . $j] = "opt" . $j;
+
+ /* go through primary and optional interfaces */
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ $return_gateway = $config['interfaces'][$ifname]['gateway'];
+ $ints = array();
+ $int = filter_translate_type_to_real_interface($ifname);
+ /* if the interface is pppoe, set the ng0 interface */
+ update_filter_reload_status("Creating IPSEC tunnel items {$tunnel['descr']}...");
+ $ip = find_interface_ip($int);
+ if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe")
+ $int = " { " . filter_translate_type_to_real_interface($ifname) . " ng0 } ";
+ if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue']) and $config['system']['shapertype'] <> "m0n0") {
+ $ackq = get_ack_queue($ifname);
+ $defq = find_default_queue($ifname);
+ /* Handle all tagged packets */
+ foreach ($config['shaper']['queue'] as $queue) {
+ if(!filter_is_queue_being_used_on_interface($queue['name'], $ifname, 'out'))
+ continue;
+ if ($ackq == "" || $defq == "") {
+ /* Shaper must not be enabled on this interface */
+ $q = "";
+ } else {
+ $q = "queue ({$queue['name']}, {$ackq})";
+ }
+ $rule .="pass out quick on {$int} all keep state tagged {$queue['name']} {$q} label \"let out anything from firewall host itself\"\n";
+ }
+ /* Handle untagged packets */
+ if ($ackq == "" || $defq == "") {
+ /* Shaper must not be enabled on this interface */
+ $q = "";
+ } else {
+ $q = "queue ({$defq}, {$ackq})";
+ }
+ $rule .="pass out quick on {$int} all keep state {$q} label \"let out anything from firewall host itself\"\n";
+ } else {
+ /* first add a rule for the real interface, then for ng0 */
+ $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
+ }
+ }
+
+ update_filter_reload_status("Setting up bridging items");
+ /* is bridging turned on? */
+ for($x=0; $x<10; $x++) {
+ if(does_interface_exist("bridge{$x}") == true)
+ $rule .="pass out quick on bridge{$x} all keep state label \"let out anything from firewall host itself\"\n";
+ }
+
+ update_filter_reload_status("Setting up pptp items");
+ if($config['pptpd']['mode'] == "server")
+ $rule .="pass out quick on \$pptp all keep state label \"let out anything from firewall host itself pptp\"\n";
+
+ update_filter_reload_status("Setting up pppoe items");
+ if($config['pppoe']['mode'] == "server")
+ $rule .="pass out quick on \$pppoe all keep state label \"let out anything from firewall host itself pppoe\"\n";
+
+ update_filter_reload_status("Setting up gif tunnels");
+ /* setup outgoing gif tunnels */
+ $number_of_gifs = find_last_gif_device();
+ $number_of_gifs++;
+ for($x=0; $x<$number_of_gifs; $x++) {
+ if(does_interface_exist("gif{$x}") == true)
+ $rule .="pass out quick on gif{$x} all keep state label \"let out anything from firewall host itself ipsec gif\"\n";
+ }
+
+ update_filter_reload_status("Setting up tun interfaces (openvpn)");
+ /* openvpn tun interfaces. check for 100. */
+ for($x=0; $x<100; $x++) {
+ if(does_interface_exist("tun{$x}") == true) {
+ $rule .="pass out quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+ $friendlytunif = convert_real_interface_to_friendly_interface_name("tun{$x}");
+ /* If the interface has a gateway we do not add a pass in rule. */
+ /* Some people use a TUN tunnel with public IP as a Multiwan interface */
+ if(interface_has_gateway("tun{$x}")) {
+ $rule .= "# Not adding default pass in rule for interface $friendlytunif - tun{$x} with a gateway!";
+ } else {
+ $rule .="pass in quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+ }
+ }
+ }
+ for($x=0; $x<100; $x++) {
+ if(does_interface_exist("tap{$x}") == true) {
+ $rule .="pass out quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+ $friendlytapif = convert_real_interface_to_friendly_interface_name("tap{$x}");
+ /* If the interface has a gateway we do not add a pass in rule. */
+ /* Some people use a TAP tunnel with public IP as a Multiwan interface */
+ if(interface_has_gateway("tap{$x}")) {
+ $rule .= "# Not adding default pass in rule for interface $friendlytapif - tap{$x} with a gateway!";
+ } else {
+ $rule .="pass in quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+ }
+ }
+ }
+
+ /* permit internal ipsec outbound traffic */
+ $rule .="pass out quick on \$enc0 keep state label \"IPSEC internal host to host\"";
+
+ return $rule;
+}
+
+function process_carp_nat_rules() {
+ global $g, $config;
+
+ update_filter_reload_status("Creating CARP NAT rules");
+
+ $wan_interface = get_real_wan_interface();
+
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "process_carp_nat_rules() being called $mt\n";
+ }
+ $lines = "";
+ if($config['installedpackages']['carp']['config'] != "")
+ foreach($config['installedpackages']['carp']['config'] as $carp) {
+ $ip = $carp['ipaddress'];
+ if($ip <> "any") {
+ $ipnet = "any";
+ } else {
+ $int = find_ip_interface($ip);
+ $carp_int = find_carp_interface($ip);
+ }
+ if($int != false and $int != $wan_interface) {
+ $ipnet = convert_ip_to_network_format($ip, $carp['netmask']);
+ if($int)
+ $lines .= "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n";
+ }
+ }
+ return $lines;
+}
+
+function process_carp_rules() {
+ global $g, $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "process_carp_rules() being called $mt\n";
+ }
+ $lines = "";
+ /* return if there are no carp configured items */
+ if($config['installedpackages']['carpsettings']['config'] <> "" or
+ $config['virtualip']['vip'] <> "") {
+ $lines .= "pass quick proto carp\n";
+ $lines .= "pass quick proto pfsync";
+ }
+ return $lines;
+}
+
+function remove_special_characters($string) {
+ $match_array = "";
+ preg_match_all("/[a-zA-Z0-9\_\-]+/",$string,$match_array);
+ $string = "";
+ foreach($match_array[0] as $ma) {
+ if($string <> "")
+ $string .= " ";
+ $string .= $ma;
+ }
+ return $string;
+}
+
+function carp_sync_xml($url, $password, $sections, $port = 80, $method = 'pfsense.restore_config_section') {
+ global $config, $g;
+
+ if($g['booting'])
+ return;
+
+ update_filter_reload_status("Syncing CARP data to {$url}");
+
+ /* make a copy of config */
+ $config_copy = $config;
+
+ /* strip out nosync items */
+ for ($x = 0; $x < count($config_copy['nat']['advancedoutbound']['rule']); $x++) {
+ if (isset ($config_copy['nat']['advancedoutbound']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['advancedoutbound']['rule'][$x]);
+ $config_copy['nat']['advancedoutbound']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['advancedoutbound']['rule'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['nat']['rule']); $x++) {
+ if (isset ($config_copy['nat']['rule'][$x]['nosync']))
+ unset ($config_copy['nat']['rule'][$x]);
+ $config_copy['nat']['rule'][$x]['descr'] = remove_special_characters($config_copy['nat']['rule'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['filter']['rule']); $x++) {
+ if (isset ($config_copy['filter']['rule'][$x]['nosync']))
+ unset ($config_copy['filter']['rule'][$x]);
+ $config_copy['filter']['rule'][$x]['descr'] = remove_special_characters($config_copy['filter']['rule'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['aliases']['alias']); $x++) {
+ if (isset ($config_copy['aliases']['alias'][$x]['nosync']))
+ unset ($config_copy['aliases']['alias'][$x]);
+ $config_copy['aliases']['alias'][$x]['descr'] = remove_special_characters($config_copy['aliases']['alias'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['dnsmasq']['hosts']); $x++) {
+ if (isset ($config_copy['dnsmasq']['hosts'][$x]['nosync']))
+ unset ($config_copy['dnsmasq']['hosts'][$x]);
+ $config_copy['dnsmasq']['hosts'][$x]['descr'] = remove_special_characters($config_copy['dnsmasq']['hosts'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['virtualip']['vip']); $x++) {
+ if (isset ($config_copy['virtualip']['vip'][$x]['nosync']) or $config_copy['virtualip']['vip'][$x]['mode'] == "proxyarp")
+ unset ($config_copy['virtualip']['vip'][$x]);
+ $config_copy['virtualip']['vip'][$x]['descr'] = remove_special_characters($config_copy['virtualip']['vip'][$x]['descr']);
+ }
+ for ($x = 0; $x < count($config_copy['ipsec']['tunnel']); $x++) {
+ if (isset ($config_copy['ipsec']['tunnel'][$x]['nosync']))
+ unset ($config_copy['ipsec']['tunnel'][$x]);
+ $config_copy['ipsec']['tunnel'][$x]['descr'] = remove_special_characters($config_copy['ipsec']['tunnel'][$x]['descr']);
+ }
+
+ foreach($sections as $section) {
+ /* we can't use array_intersect_key()
+ due to the vip 'special case' */
+ if($section != 'virtualip') {
+ $xml[$section] = $config_copy[$section];
+ } else {
+ $xml[$section] = backup_vip_config_section();
+ }
+ }
+
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ log_error("Beginning XMLRPC sync to {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ if($g['debug']) $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "240");
+ if(!$resp) {
+ $error = "A communications error occured while attempting XMLRPC sync with username admin {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting XMLRPC sync with username admin {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Settings Sync", "");
+ } else {
+ log_error("XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+}
+
+function carp_sync_client() {
+
+ global $config, $g;
+
+ update_filter_reload_status("Building CARP sync information");
+
+ if($g['booting'])
+ return;
+
+ if(is_array($config['installedpackages']['carpsettings']['config'])) {
+ foreach($config['installedpackages']['carpsettings']['config'] as $carp) {
+ if($carp['synchronizetoip'] != "" ) {
+ /*
+ * XXX: The way we're finding the port right now is really suboptimal -
+ * we can't assume that the other machine is setup identically.
+ */
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http") {
+ $port = "80";
+ } else {
+ $port = "443";
+ }
+ }
+ $synchronizetoip .= $carp['synchronizetoip'];
+ if($carp['synchronizerules'] != "" and is_array($config['filter'])) {
+ $sections[] = 'filter';
+ }
+ if($carp['synchronizenat'] != "" and is_array($config['nat'])) {
+ $sections[] = 'nat';
+ }
+ if($carp['synchronizealiases'] != "" and is_array($config['aliases'])) {
+ $sections[] = 'aliases';
+ }
+ if($carp['synchronizedhcpd'] != "" and is_array($config['dhcpd'])) {
+ $sections[] = 'dhcpd';
+ }
+ if($carp['synchronizewol'] != "" and is_array($config['wol'])) {
+ $sections[] = 'wol';
+ }
+ if($carp['synchronizetrafficshaper'] != "" and is_array($config['shaper'])) {
+ $sections[] = 'shaper';
+ }
+ if($carp['synchronizestaticroutes'] != "" and is_array($config['staticroutes'])) {
+ $sections[] = 'staticroutes';
+ }
+ if($carp['synchronizevirtualip'] != "" and is_array($config['virtualip'])) {
+ $sections[] = 'virtualip';
+ }
+ if($carp['synchronizelb'] != "" and is_array($config['load_balancer'])) {
+ $sections[] = 'load_balancer';
+ }
+ if($carp['synchronizeipsec'] != "" and is_array($config['ipsec'])) {
+ $sections[] = 'ipsec';
+ }
+ if($carp['synchronizednsforwarder'] != "" and is_array($config['dnsmasq'])) {
+ $sections[] = 'dnsmasq';
+ }
+ if($carp['synchronizeschedules'] != "" and is_array($config['schedules'])) {
+ $sections[] = 'schedules';
+ }
+ if(count($sections) > 0) {
+ update_filter_reload_status("Signaling CARP reload signal...");
+ carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $synchronizetoip, $port);
+ $msg = new XML_RPC_Message('pfsense.filter_configure', array(new XML_RPC_Value($carp['password'], 'string')));
+ $cli->setCredentials('admin', $carp['password']);
+ $cli->send($msg, "900");
+ /* signal a carp reload */
+ $msg = new XML_RPC_Message('pfsense.interfaces_carp_configure');
+ $cli->send($msg, "900");
+ }
+ }
+ }
+ }
+
+}
+
+function return_vpn_subnet($adr) {
+ global $config;
+ if(isset($config['system']['developerspew'])) {
+ $mt = microtime();
+ echo "return_vpn_subnet() being called $mt\n";
+ }
+
+ if ($adr['address']) {
+ list($padr, $pmask) = explode("/", $adr['address']);
+ if (is_null($pmask))
+ return "{$padr}/32";
+ return "{$padr}/{$pmask}";
+ }
+
+ /* XXX: do not return wan, lan, etc */
+ if(strstr($adr['network'], "wan") or strstr($adr['network'], "lan") or strstr($adr['network'], "opt"))
+ return convert_ip_to_network_format($config['interfaces'][$adr['network']]['ipaddr'],
+ $config['interfaces'][$adr['network']]['subnet']);
+
+ /* fallback - error */
+ return " # error - {$adr['network']} ";
+
+}
+
+?>
diff --git a/config/igmpproxy/firewall_rules_edit.tmp b/config/igmpproxy/firewall_rules_edit.tmp
new file mode 100755
index 00000000..dfb40bc8
--- /dev/null
+++ b/config/igmpproxy/firewall_rules_edit.tmp
@@ -0,0 +1,879 @@
+<?php
+/* $Id: firewall_rules_edit.php,v 1.86.2.34.2.5 2007/11/20 00:29:07 cmb Exp $ */
+/*
+ firewall_rules_edit.php
+ part of pfSense (http://www.pfsense.com)
+ Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
+
+ originally part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$specialsrcdst = explode(" ", "any wanip lanip lan pptp pppoe");
+
+if (!is_array($config['filter']['rule'])) {
+ $config['filter']['rule'] = array();
+}
+filter_rules_sort();
+$a_filter = &$config['filter']['rule'];
+
+$id = $_GET['id'];
+if (is_numeric($_POST['id']))
+ $id = $_POST['id'];
+
+$after = $_GET['after'];
+
+if (isset($_POST['after']))
+ $after = $_POST['after'];
+
+if (isset($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
+}
+
+if (isset($id) && $a_filter[$id]) {
+ $pconfig['interface'] = $a_filter[$id]['interface'];
+
+ if (!isset($a_filter[$id]['type']))
+ $pconfig['type'] = "pass";
+ else
+ $pconfig['type'] = $a_filter[$id]['type'];
+
+ if (isset($a_filter[$id]['protocol']))
+ $pconfig['proto'] = $a_filter[$id]['protocol'];
+ else
+ $pconfig['proto'] = "any";
+
+ if ($a_filter[$id]['protocol'] == "icmp")
+ $pconfig['icmptype'] = $a_filter[$id]['icmptype'];
+
+ address_to_pconfig($a_filter[$id]['source'], $pconfig['src'],
+ $pconfig['srcmask'], $pconfig['srcnot'],
+ $pconfig['srcbeginport'], $pconfig['srcendport']);
+
+ if($a_filter[$id]['os'] <> "")
+ $pconfig['os'] = $a_filter[$id]['os'];
+
+ address_to_pconfig($a_filter[$id]['destination'], $pconfig['dst'],
+ $pconfig['dstmask'], $pconfig['dstnot'],
+ $pconfig['dstbeginport'], $pconfig['dstendport']);
+
+ $pconfig['disabled'] = isset($a_filter[$id]['disabled']);
+ $pconfig['log'] = isset($a_filter[$id]['log']);
+ $pconfig['descr'] = $a_filter[$id]['descr'];
+
+ /* advanced */
+ if (isset($a_filter[$id]['allowopts']))
+ $pconfig['allowopts'] = true;
+ $pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
+ $pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
+ $pconfig['statetype'] = $a_filter[$id]['statetype'];
+ $pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];
+
+ $pconfig['nosync'] = isset($a_filter[$id]['nosync']);
+
+ /* advanced - new connection per second banning*/
+ $pconfig['max-src-conn-rate'] = $a_filter[$id]['max-src-conn-rate'];
+ $pconfig['max-src-conn-rates'] = $a_filter[$id]['max-src-conn-rates'];
+
+ /* Multi-WAN next-hop support */
+ $pconfig['gateway'] = $a_filter[$id]['gateway'];
+
+ //schedule support
+ $pconfig['sched'] = $a_filter[$id]['sched'];
+
+} else {
+ /* defaults */
+ if ($_GET['if'])
+ $pconfig['interface'] = $_GET['if'];
+ $pconfig['type'] = "pass";
+ $pconfig['src'] = "any";
+ $pconfig['dst'] = "any";
+}
+
+if (isset($_GET['dup']))
+ unset($id);
+
+if ($_POST) {
+
+ if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
+ $input_errors[] = "Reject type rules only works when the protocol is set to TCP.";
+
+ if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ } else {
+
+ if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
+ $_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
+ if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
+ $_POST['srcendport'] = $_POST['srcendport_cust'];
+
+ if ($_POST['srcbeginport'] == "any") {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ } else {
+ if (!$_POST['srcendport'])
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+ }
+ if ($_POST['srcendport'] == "any")
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+
+ if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
+ $_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
+ if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
+ $_POST['dstendport'] = $_POST['dstendport_cust'];
+
+ if ($_POST['dstbeginport'] == "any") {
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ } else {
+ if (!$_POST['dstendport'])
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+ }
+ if ($_POST['dstendport'] == "any")
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+ }
+
+ if (is_specialnet($_POST['srctype'])) {
+ $_POST['src'] = $_POST['srctype'];
+ $_POST['srcmask'] = 0;
+ } else if ($_POST['srctype'] == "single") {
+ $_POST['srcmask'] = 32;
+ }
+ if (is_specialnet($_POST['dsttype'])) {
+ $_POST['dst'] = $_POST['dsttype'];
+ $_POST['dstmask'] = 0;
+ } else if ($_POST['dsttype'] == "single") {
+ $_POST['dstmask'] = 32;
+ }
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "type interface proto src dst");
+ $reqdfieldsn = explode(",", "Type,Interface,Protocol,Source,Destination");
+
+
+ if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") {
+ if( $_POST['proto'] != "tcp" )
+ $input_errors[] = "{$_POST['statetype']} is only valid with protocol tcp.";
+ if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != ""))
+ $input_errors[] = "{$_POST['statetype']} is only valid if the gateway is set to 'default'.";
+ }
+
+
+ if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
+ $reqdfields[] = "srcmask";
+ $reqdfieldsn[] = "Source bit count";
+ }
+ if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
+ $reqdfields[] = "dstmask";
+ $reqdfieldsn[] = "Destination bit count";
+ }
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (!$_POST['srcbeginport']) {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ }
+ if (!$_POST['dstbeginport']) {
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ }
+
+ if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) {
+ $input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
+ }
+ if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) {
+ $input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
+ }
+ if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) {
+ $input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
+ }
+ if (($_POST['dstendport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstendport']))) {
+ $input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
+ }
+
+ /* if user enters an alias and selects "network" then disallow. */
+ if($_POST['srctype'] == "network") {
+ if(is_alias($_POST['src']))
+ $input_errors[] = "You must specify single host or alias for alias entries.";
+ }
+ if($_POST['dsttype'] == "network") {
+ if(is_alias($_POST['dst']))
+ $input_errors[] = "You must specify single host or alias for alias entries.";
+ }
+
+ if (!is_specialnet($_POST['srctype'])) {
+ if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
+ $input_errors[] = "A valid source IP address or alias must be specified.";
+ }
+ if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
+ $input_errors[] = "A valid source bit count must be specified.";
+ }
+ }
+ if (!is_specialnet($_POST['dsttype'])) {
+ if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
+ $input_errors[] = "A valid destination IP address or alias must be specified.";
+ }
+ if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
+ $input_errors[] = "A valid destination bit count must be specified.";
+ }
+ }
+
+ if ($_POST['srcbeginport'] > $_POST['srcendport']) {
+ /* swap */
+ $tmp = $_POST['srcendport'];
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+ $_POST['srcbeginport'] = $tmp;
+ }
+ if ($_POST['dstbeginport'] > $_POST['dstendport']) {
+ /* swap */
+ $tmp = $_POST['dstendport'];
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+ $_POST['dstbeginport'] = $tmp;
+ }
+ if ($_POST['os'])
+ if( $_POST['proto'] != "tcp" )
+ $input_errors[] = "OS detection is only valid with protocol tcp.";
+
+ if (!$input_errors) {
+ $filterent = array();
+ $filterent['type'] = $_POST['type'];
+ $filterent['interface'] = $_POST['interface'];
+
+ /* Advanced options */
+ if ($_POST['allowopts'] == "yes")
+ $filterent['allowopts'] = true;
+ else
+ unset($filterent['allowopts']);
+ $filterent['max-src-nodes'] = $_POST['max-src-nodes'];
+ $filterent['max-src-states'] = $_POST['max-src-states'];
+ $filterent['statetimeout'] = $_POST['statetimeout'];
+ $filterent['statetype'] = $_POST['statetype'];
+ $filterent['os'] = $_POST['os'];
+
+ /* Nosync directive - do not xmlrpc sync this item */
+ if($_POST['nosync'] <> "")
+ $filterent['nosync'] = true;
+ else
+ unset($filterent['nosync']);
+
+ /* unless both values are provided, unset the values - ticket #650 */
+ if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
+ $filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
+ $filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
+ } else {
+ unset($filterent['max-src-conn-rate']);
+ unset($filterent['max-src-conn-rates']);
+ }
+
+ if ($_POST['proto'] != "any")
+ $filterent['protocol'] = $_POST['proto'];
+ else
+ unset($filterent['protocol']);
+
+ if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
+ $filterent['icmptype'] = $_POST['icmptype'];
+ else
+ unset($filterent['icmptype']);
+
+ pconfig_to_address($filterent['source'], $_POST['src'],
+ $_POST['srcmask'], $_POST['srcnot'],
+ $_POST['srcbeginport'], $_POST['srcendport']);
+
+ pconfig_to_address($filterent['destination'], $_POST['dst'],
+ $_POST['dstmask'], $_POST['dstnot'],
+ $_POST['dstbeginport'], $_POST['dstendport']);
+
+ if ($_POST['disabled'])
+ $filterent['disabled'] = true;
+ else
+ unset($filterent['disabled']);
+ if ($_POST['log'])
+ $filterent['log'] = true;
+ else
+ unset($filterent['log']);
+ strncpy($filterent['descr'], $_POST['descr'], 52);
+
+ if ($_POST['gateway'] != "") {
+ $filterent['gateway'] = $_POST['gateway'];
+ }
+
+ if ($_POST['sched'] != "") {
+ $filterent['sched'] = $_POST['sched'];
+ }
+
+ if (isset($id) && $a_filter[$id])
+ $a_filter[$id] = $filterent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_filter, $after+1, 0, array($filterent));
+ else
+ $a_filter[] = $filterent;
+ }
+
+ write_config();
+ touch($d_filterconfdirty_path);
+
+ header("Location: firewall_rules.php?if=" . $_POST['interface']);
+ exit;
+ }
+}
+
+$pgtitle = "Firewall: Rules: Edit";
+$closehead = false;
+
+$page_filename = "firewall_rules_edit.php";
+include("head.inc");
+
+?>
+
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle"><?=$pgtitle?></p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+
+<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Action</td>
+ <td width="78%" class="vtable">
+ <select name="type" class="formfld">
+ <?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
+ <option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
+ <?=htmlspecialchars($type);?>
+ </option>
+ <?php endforeach; ?>
+ </select>
+ <br/>
+ <span class="vexpl">
+ Choose what to do with packets that match the criteria specified below. <br/>
+ Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded. Reject only works when the protocol is set to either TCP or UDP (but not &quot;TCP/UDP&quot;) below.
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Disabled</td>
+ <td width="78%" class="vtable">
+ <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
+ <strong>Disable this rule</strong><br />
+ <span class="vexpl">Set this option to disable this rule without removing it from the list.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld">
+<?php
+ $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE', 'enc0' => 'IPSEC');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
+<?php endforeach; ?>
+ </select>
+ <br />
+ <span class="vexpl">Choose on which interface packets must come in to match this rule.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Protocol</td>
+ <td width="78%" class="vtable">
+ <select name="proto" class="formfld" onchange="proto_change()">
+<?php
+ $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP any carp pfsync");
+ foreach ($protocols as $proto): ?>
+ <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
+<?php endforeach; ?>
+ </select>
+ <br />
+ <span class="vexpl">Choose which IP protocol this rule should match. <br /> Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span>
+ </td>
+ </tr>
+ <tr id="icmpbox" name="icmpbox">
+ <td valign="top" class="vncell">ICMP type</td>
+ <td class="vtable">
+ <select name="icmptype" class="formfld">
+<?php
+ $icmptypes = array(
+ "" => "any",
+ "echorep" => "Echo reply",
+ "unreach" => "Destination unreachable",
+ "squench" => "Source quench",
+ "redir" => "Redirect",
+ "althost" => "Alternate Host",
+ "echoreq" => "Echo",
+ "routeradv" => "Router advertisement",
+ "routersol" => "Router solicitation",
+ "timex" => "Time exceeded",
+ "paramprob" => "Invalid IP header",
+ "timereq" => "Timestamp",
+ "timerep" => "Timestamp reply",
+ "inforeq" => "Information request",
+ "inforep" => "Information reply",
+ "maskreq" => "Address mask request",
+ "maskrep" => "Address mask reply"
+ );
+
+ foreach ($icmptypes as $icmptype => $descr): ?>
+ <option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
+<?php endforeach; ?>
+ </select>
+ <br />
+ <span class="vexpl">If you selected ICMP for the protocol above, you may specify an ICMP type here.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Source</td>
+ <td width="78%" class="vtable">
+ <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
+ <strong>not</strong>
+ <br />
+ Use this option to invert the sense of the match.
+ <br />
+ <br />
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>Type:&nbsp;&nbsp;</td>
+ <td>
+ <select name="srctype" class="formfld" onChange="typesel_change()">
+<?php
+ $sel = is_specialnet($pconfig['src']); ?>
+ <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option>
+ <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
+ <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
+ <option value="wanip" <?php if ($pconfig['src'] == "wanip") { echo "selected"; } ?>>WAN address</option>
+ <option value="lanip" <?php if ($pconfig['src'] == "lanip") { echo "selected"; } ?>>LAN address</option>
+ <option value="lan" <?php if ($pconfig['src'] == "lan") { echo "selected"; } ?>>LAN subnet</option>
+ <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>PPTP clients</option>
+ <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option>
+<?php
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
+ <option value="opt<?=$i;?>" <?php if ($pconfig['src'] == "opt" . $i) { echo "selected"; } ?>><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> subnet</option>
+ <option value="opt<?=$i;?>ip"<?php if ($pconfig['src'] == "opt" . $i . "ip") { echo "selected"; } ?>>
+ <?=$config['interfaces']['opt' . $i]['descr']?> address
+ </option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>Address:&nbsp;&nbsp;</td>
+ <td>
+ <input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
+ <select name="srcmask" class="formfld" id="srcmask">
+<?php for ($i = 31; $i > 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+ <div id="showadvancedboxspr">
+ <p>
+ <input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>
+ </div>
+ </td>
+ </tr>
+ <tr style="display:none" id="sprtable" name="sprtable">
+ <td width="22%" valign="top" class="vncellreq">Source port range</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>from:&nbsp;&nbsp;</td>
+ <td>
+ <select name="srcbeginport" class="formfld" onchange="src_rep_change();ext_change()">
+ <option value="">(other)</option>
+ <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
+<?php foreach ($wkports as $wkport => $wkportdesc): ?>
+ <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
+<?php endforeach; ?>
+ </select>
+ <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>">
+ </td>
+ </tr>
+ <tr>
+ <td>to:</td>
+ <td>
+ <select name="srcendport" class="formfld" onchange="ext_change()">
+ <option value="">(other)</option>
+ <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
+<?php foreach ($wkports as $wkport => $wkportdesc): ?>
+ <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
+<?php endforeach; ?>
+ </select>
+ <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>">
+ </td>
+ </tr>
+ </table>
+ <br />
+ <span class="vexpl">Specify the port or port range for the source of the packet for this rule. This is usually not equal to the destination port range (and is often &quot;any&quot;). <br /> Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port</span><br/>
+ <span class="vexpl"><B>NOTE:</B> You will not need to enter anything here in 99.99999% of the circumstances. If you're unsure, do not enter anything here!</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Source OS</td>
+ <td width="78%" class="vtable">OS Type:&nbsp;
+ <select name="os" id="os" class="formfld">
+<?php
+ $ostypes = array(
+ "" => "any",
+ "AIX" => "AIX",
+ "Linux" => "Linux",
+ "FreeBSD" => "FreeBSD",
+ "NetBSD" => "NetBSD",
+ "OpenBSD" => "OpenBSD",
+ "Solaris" => "Solaris",
+ "MacOS" => "MacOS",
+ "Windows" => "Windows",
+ "Novell" => "Novell",
+ "NMAP" => "NMAP"
+ );
+
+ foreach ($ostypes as $ostype => $descr): ?>
+ <option value="<?=$ostype;?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
+<?php endforeach; ?>
+ </select>
+ <br />
+ Note: this only works for TCP rules
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Destination</td>
+ <td width="78%" class="vtable">
+ <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
+ <strong>not</strong>
+ <br />
+ Use this option to invert the sense of the match.
+ <br />
+ <br />
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>Type:&nbsp;&nbsp;</td>
+ <td>
+ <select name="dsttype" class="formfld" onChange="typesel_change()">
+<?php
+ $sel = is_specialnet($pconfig['dst']); ?>
+ <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option>
+ <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
+ <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
+ <option value="wanip" <?php if ($pconfig['dst'] == "wanip") { echo "selected"; } ?>>WAN address</option>
+ <option value="lanip" <?php if ($pconfig['dst'] == "lanip") { echo "selected"; } ?>>LAN address</option>
+ <option value="lan" <?php if ($pconfig['dst'] == "lan") { echo "selected"; } ?>>LAN subnet</option>
+ <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>PPTP clients</option>
+ <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option>
+<?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
+ <option value="opt<?=$i;?>" <?php if ($pconfig['dst'] == "opt" . $i) { echo "selected"; } ?>><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> subnet</option>
+ <option value="opt<?=$i;?>ip"<?php if ($pconfig['dst'] == "opt" . $i . "ip") { echo "selected"; } ?>>
+ <?=$config['interfaces']['opt' . $i]['descr']?> address
+ </option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>Address:&nbsp;&nbsp;</td>
+ <td>
+ <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
+ /
+ <select name="dstmask" class="formfld" id="dstmask">
+<?php
+ for ($i = 31; $i > 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+
+ </td>
+ </tr>
+ <tr id="dprtr" name="dprtr">
+ <td width="22%" valign="top" class="vncellreq">Destination port range </td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>from:&nbsp;&nbsp;</td>
+ <td>
+ <select name="dstbeginport" class="formfld" onchange="dst_rep_change();ext_change()">
+ <option value="">(other)</option>
+ <option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
+<?php foreach ($wkports as $wkport => $wkportdesc): ?>
+ <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
+<?php endforeach; ?>
+ </select>
+ <input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>">
+ </td>
+ </tr>
+ <tr>
+ <td>to:</td>
+ <td>
+ <select name="dstendport" class="formfld" onchange="ext_change()">
+ <option value="">(other)</option>
+ <option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
+<?php foreach ($wkports as $wkport => $wkportdesc): ?>
+ <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
+<?php endforeach; ?>
+ </select>
+ <input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>">
+ </td>
+ </tr>
+ </table>
+ <br />
+ <span class="vexpl">
+ Specify the port or port range for the destination of the packet for this rule.
+ <br />
+ Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Log</td>
+ <td width="78%" class="vtable">
+ <input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
+ <strong>Log packets that are handled by this rule</strong>
+ <br />
+ <span class="vexpl">Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server (see the <a href="diag_logs_settings.php">Diagnostics: System logs: Settings</a> page).</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Advanced Options</td>
+ <td width="78%" class="vtable">
+ <div id="aoadv" name="aoadv">
+ <input type="button" onClick="show_aodiv();" value="Advanced"> - Show advanced options
+ </div>
+ <div id="aodivmain" name="aodivmain" style="display:none">
+ <input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked"; ?>>
+ <br/><span class="vexpl"><?=gettext("This allows packets with ip options to pass otherwise they are blocked by default i.e. with multicast routing/proxing.");?>
+
+ <input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br> Simultaneous client connection limit<p>
+ <input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br> Maximum state entries per host<p>
+ <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo $pconfig['max-src-conn-rate'] ?>"> /
+ <select name="max-src-conn-rates" id="max-src-conn-rates">
+ <option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option>
+<?php for($x=1; $x<255; $x++) {
+ if($x == $pconfig['max-src-conn-rates']) $selected = " selected"; else $selected = "";
+ echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
+ } ?>
+ </select><br />
+ Maximum new connections / per second
+ <p>
+
+ <input name="statetimeout" value="<?php echo $pconfig['statetimeout'] ?>"><br>
+ State Timeout in seconds
+ <p />
+
+ <p><strong>NOTE: Leave these fields blank to disable this feature.</strong>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">State Type</td>
+ <td width="78%" class="vtable">
+ <div id="showadvstatebox">
+ <input type="button" onClick="show_advanced_state()" value="Advanced"></input> - Show state</a>
+ </div>
+ <div id="showstateadv" style="display:none">
+ <select name="statetype">
+ <option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>>keep state</option>
+ <option value="modulate state" <?php if($pconfig['statetype'] == "modulate state") echo "selected"; ?>>modulate state</option>
+ <option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected"; ?>>synproxy state</option>
+ <option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>>none</option>
+ </select><br>HINT: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.
+ <p>
+ <table width="90%">
+ <tr><td width="25%"><ul><li>keep state</li></td><td>Works with all IP protocols.</ul></td></tr>
+ <tr><td width="25%"><ul><li>modulate state</li></td><td>Works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs) for packets matching this rule.</li></ul></td></tr>
+ <tr><td width="25%"><ul><li>synproxy state</li></td><td>Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.</ul></td></tr>
+ <tr><td width="25%"><ul><li>none</li></td><td>do not use state mechanisms to keep track. This is only useful if you're doing advanced queueing in certain situations. Please check the documentation.</ul></td></tr>
+ </table>
+ </p>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">No XMLRPC Sync</td>
+ <td width="78%" class="vtable">
+ <input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
+ HINT: This prevents the rule from automatically syncing to other carp members.
+ </td>
+ </tr>
+ <?php
+ //build list of schedules
+ $schedules = array();
+ $schedules[] = "none";//leave none to leave rule enabled all the time
+ if(is_array($config['schedules']['schedule'])) {
+ foreach ($config['schedules']['schedule'] as $schedule) {
+ if ($schedule['name'] <> "")
+ $schedules[] = $schedule['name'];
+ }
+ }
+ ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Schedule</td>
+ <td width="78%" class="vtable">
+ <select name='sched'>
+<?php
+ foreach($schedules as $schedule) {
+ if($schedule == $pconfig['sched']) {
+ $selected = " SELECTED";
+ } else {
+ $selected = "";
+ }
+ if ($schedule == "none") {
+ echo "<option value=\"\" {$selected}>{$schedule}</option>\n";
+ } else {
+ echo "<option value=\"{$schedule}\" {$selected}>{$schedule}</option>\n";
+ }
+ }?>
+ </select>
+ <p>Leave as 'none' to leave the rule enabled all the time.</p>
+ <strong>NOTE: schedule logic can be a bit different. Click <a target="_new" href='firewall_rules_schedule_logic.php'>here</a> for more information.</strong>
+ </td>
+ </tr>
+
+<?php
+ /* build a list of gateways */
+ $gateways = array();
+ $gateways[] = "default"; // default to don't use this feature :)
+ foreach($config['interfaces'] as $int) {
+ if($int['gateway'] <> "")
+ $gateways[]=$int['gateway'];
+ }
+?>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Gateway</td>
+ <td width="78%" class="vtable">
+ <select name='gateway'>
+<?php
+ foreach($gateways as $gw) {
+ if($gw == "")
+ continue;
+ if($gw == $pconfig['gateway']) {
+ $selected = " SELECTED";
+ } else {
+ $selected = "";
+ }
+ if ($gw == "default") {
+ echo "<option value=\"\" {$selected}>{$gw}</option>\n";
+ } else {
+ echo "<option value=\"{$gw}\" {$selected}>{$gw}</option>\n";
+ }
+ }
+ if(is_array($config['load_balancer']['lbpool'])) {
+ foreach($config['load_balancer']['lbpool'] as $lb) {
+ if($lb['name'] == "")
+ continue;
+ if($pconfig['gateway'] == $lb['name']) {
+ echo "<option value=\"{$lb['name']}\" SELECTED>{$lb['name']}</option>\n";
+ } else {
+ echo "<option value=\"{$lb['name']}\">{$lb['name']}</option>\n";
+ }
+ }
+ }
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ if($config['interfaces']['opt' . $i]['ipaddr'] == "dhcp") {
+ $descr = $config['interfaces']['opt' . $i]['descr'];
+ if ($pconfig['gateway'] == "opt{$i}") {
+ $selected = " SELECTED";
+ } else {
+ $selected = "";
+ }
+ if($descr <> "")
+ echo "<option value=\"opt{$i}\" {$selected}>OPT{$i} - {$descr}</option>\n";
+ }
+ }
+?>
+ </select>
+ <p><strong>Leave as 'default' to use the system routing table. Or choose a gateway to utilize policy based routing.</strong></p>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br />
+ <span class="vexpl">You may enter a description here for your reference (not parsed).</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
+<?php if (isset($id) && $a_filter[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+<?php endif; ?>
+ <input name="after" type="hidden" value="<?=$after;?>">
+ </td>
+ </tr>
+ </table>
+</form>
+<script language="JavaScript">
+<!--
+ ext_change();
+ typesel_change();
+ proto_change();
+
+<?php
+ $isfirst = 0;
+ $aliases = "";
+ $addrisfirst = 0;
+ $aliasesaddr = "";
+ if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias']))
+ foreach($config['aliases']['alias'] as $alias_name) {
+ if(!stristr($alias_name['address'], ".")) {
+ if($isfirst == 1) $aliases .= ",";
+ $aliases .= "'" . $alias_name['name'] . "'";
+ $isfirst = 1;
+ } else {
+ if($addrisfirst == 1) $aliasesaddr .= ",";
+ $aliasesaddr .= "'" . $alias_name['name'] . "'";
+ $addrisfirst = 1;
+ }
+ }
+?>
+
+ var addressarray=new Array(<?php echo $aliasesaddr; ?>);
+ var customarray=new Array(<?php echo $aliases; ?>);
+
+//-->
+</script>
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
+
diff --git a/config/igmpproxy/igmpproxy.inc b/config/igmpproxy/igmpproxy.inc
new file mode 100644
index 00000000..4d0211b0
--- /dev/null
+++ b/config/igmpproxy/igmpproxy.inc
@@ -0,0 +1,86 @@
+<?php
+/*
+ igmpproxy.inc
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2009 Ermal Luçi
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function igmpproxy_install() {
+
+ if (file_exists("/tmp/firewall_rules_edit.tmp"))
+ exec("/bin/cp /tmp/firewall_rules_edit.tmp /usr/local/www/firewall_rules_edit.php");
+ if (file_exists("/tmp/filter.tmp"))
+ exec("/bin/cp /tmp/filter.tmp /etc/inc/filter.inc");
+}
+
+function igmpproxy_resync() {
+ global $config, $g;
+
+ /* kill any running igmpproxy */
+ killbyname("igmpproxy");
+
+ $igmpconf = <<<EOD
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+EOD;
+
+ if (!is_array($config['installedpackages']['igmpproxy']['config']))
+ return 0;
+
+ $igmpcfg =& $config['installedpackages']['igmpproxy']['config'];
+ foreach ($igmpcfg as $igmpcf) {
+ $realif = convert_friendly_interface_to_real_interface_name($igmpcf['igmpname']);
+ if (empty($igmpcf['igmpthreshold']))
+ $threshld = 1;
+ else
+ $threshld = $igmpcf['igmpthreshold'];
+ $igmpconf .= "phyint {$realif} {$igmpcf['igmptype']} ratelimit 0 threshold {$threshld}\n";
+
+ if (is_array($igmpcf['row'])) {
+ foreach ($igmpcf['row'] as $igmpaddr)
+ $igmpconf .= "altnet {$igmpaddr['igmpnetaddr']}\n";
+ }
+ $igmpconf .= "\n";
+ }
+
+ $igmpfl = fopen($g['tmp_path'] . "/igmpproxy.conf", "w");
+ if (!$igmpfl) {
+ log_error("Could not write Igmpproxy configuration file!");
+ return;
+ }
+ fwrite($igmpfl, $igmpconf);
+ fclose($igmpfl);
+
+ mwexec("/usr/local/sbin/igmpproxy -c " . $g['tmp_path'] . "/igmpproxy.conf");
+ log_error("Started Igmpproxy service sucsesfully.");
+
+ return 0;
+}
+
+?>
diff --git a/config/igmpproxy/igmpproxy.xml b/config/igmpproxy/igmpproxy.xml
new file mode 100644
index 00000000..5d6fee04
--- /dev/null
+++ b/config/igmpproxy/igmpproxy.xml
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ igmpproxy.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2009 Ermal Luci
+ All rights reserved.
+
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <name>igmpproxy</name>
+ <title>Services: IGMP proxy</title>
+ <include_file>/usr/local/pkg/igmpproxy.inc</include_file>
+ <menu>
+ <name>IGMP proxy</name>
+ <tooltiptext>Multicast proxy.</tooltiptext>
+ <section>Services</section>
+ <configfile>igmpproxy.xml</configfile>
+ </menu>
+ <service>
+ <name>igmpproxy</name>
+ <rcfile>igmpproxy.sh</rcfile>
+ <executable>igmpproxy</executable>
+ <description>IGMP(multicast) proxy.</description>
+ </service>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/igmpproxy/igmpproxy.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://files.pfsense.org/packages/igmpproxy</item>
+ <prefix>/usr/local/sbin/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/igmpproxy/firewall_rules_edit.tmp</item>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/igmpproxy/filter.tmp</item>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/igmpproxy/igmpproxy.tbz</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <delete_string>An IGMP(multicast) proxy member has been deleted.</delete_string>
+ <addedit_string>An IGMP(multicast) proxy member has been created/modified.</addedit_string>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fieldname>igmpname</fieldname>
+ <fielddescr>Name</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>igmptype</fieldname>
+ <fielddescr>Type</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fieldname>igmpname</fieldname>
+ <fielddescr>Interface</fielddescr>
+ <required/>
+ <type>interfaces_selection</type>
+ </field>
+ <field>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>igmptype</fieldname>
+ <fielddescr>Type</fielddescr>
+ <description>The upstream network interface is the outgoing interface which is
+ responsible for communicating to available multicast data sources.
+ There can only be one upstream interface.
+ Downstream network interfaces are the distribution interfaces to the
+ destination networks, where multicast clients can join groups and
+ receive multicast data. One or more downstream interfaces must be configured.</description>
+ <required/>
+ <type>select</type>
+ <options>
+ <option>
+ <value>upstream</value>
+ <name>Upstream Interface</name>
+ </option>
+ <option>
+ <value>downstream</value>
+ <name>Downstream Interface</name>
+ </option>
+ </options>
+ <default_value>upstream</default_value>
+ </field>
+ <field>
+ <fieldname>igmpthreshold</fieldname>
+ <fielddescr>Threshold</fielddescr>
+ <description>Defines the TTL threshold for the network interface. Packets
+ with a lower TTL than the threshols value will be ignored. This
+ setting is optional, and by default the threshold is 1.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Networks</fielddescr>
+ <fieldname>none</fieldname>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>Network Address</fielddescr>
+ <type>input</type>
+ <size>25</size>
+ <fieldname>igmpnetaddr</fieldname>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ </fields>
+ <custom_php_resync_config_command>
+ igmpproxy_resync();
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
+ igmpproxy_install();
+ </custom_php_install_command>
+</packagegui>
diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc
new file mode 100644
index 00000000..b4948799
--- /dev/null
+++ b/config/nrpe2/nrpe2.inc
@@ -0,0 +1,188 @@
+<?php
+
+/**
+ * Author: Erik Kristensen
+ * Email: erik@erikkristensen.com
+ *
+ * Developed for: pfSense.com
+ *
+ * Copyright (c) 2009, pfSense.com
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in thedocumentation and/or other materials provided with the distribution.
+ * Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+require('filter.inc');
+
+function nrpe2_custom_php_install_command()
+{
+ global $g, $config;
+ conf_mount_rw();
+
+ $ip = $config['interfaces']['lan']['ipaddr'];
+
+ $config['installedpackages']['nrpe2']['config'][0]['enabled'] = TRUE;
+ $config['installedpackages']['nrpe2']['config'][0]['server_address'] = $ip;
+ $config['installedpackages']['nrpe2']['config'][0]['server_port'] = 5666;
+ $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'] = "127.0.0.1";
+
+ $config['installedpackages']['nrpe2']['config'][0]['row'] = array(
+ 0 => array(
+ 'name' => 'check_users',
+ 'command' => 'check_users',
+ 'warning' => '5',
+ 'critical' => '10'
+ ),
+ 1 => array(
+ 'name' => 'check_load',
+ 'command' => 'check_load',
+ 'warning' => '15,10,5',
+ 'critical' => '30,25,20',
+ ),
+ 2 => array(
+ 'name' => 'check_root',
+ 'command' => 'check_disk',
+ 'warning' => '20%',
+ 'critical' => '10%',
+ 'extra' => '-p /'
+ ),
+ 3 => array(
+ 'name' => 'check_var',
+ 'command' => 'check_disk',
+ 'warning' => '20%',
+ 'critical' => '10%',
+ 'extra' => '-p /var/run'
+ ),
+ 4 => array(
+ 'name' => 'check_zombie_procs',
+ 'command' => 'check_procs',
+ 'warning' => '5',
+ 'critical' => '10',
+ 'extra' => '-s Z'
+ ),
+ 5 => array(
+ 'name' => 'check_total_procs',
+ 'command' => 'check_procs',
+ 'warning' => '150',
+ 'critical' => '200'
+ )
+ );
+
+ $fd = fopen('/usr/local/etc/rc.d/nrpe2', 'w');
+ $rc_file = <<<EOD
+#!/bin/sh
+#
+# $FreeBSD: ports/net-mgmt/nrpe2/files/nrpe2.in,v 1.3 2008/12/25 20:24:43 miwi Exp $
+#
+
+# PROVIDE: nrpe2
+# REQUIRE: NETWORKING
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable nrpe2:
+# nrpe2_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable nrpe2.
+# nrpe2_flags (str): Set to "" by default.
+# nrpe2_configfile (str): Set to "/usr/local/etc/nrpe.cfg" by default.
+# nrpe2_pidfile (str): Set to "/var/spool/nagios/nrpe2.pid" by default.
+#
+
+. /etc/rc.subr
+
+nrpe2_enable=\${nrpe2_enable-"YES"}
+name="nrpe2"
+rcvar=`set_rcvar`
+
+command="/usr/local/sbin/nrpe2"
+command_args="-d"
+extra_commands="reload"
+
+sig_reload=HUP
+
+[ -z "\${nrpe2_flags}" ] && nrpe2_flags=""
+[ -z "\${nrpe2_configfile}" ] && nrpe2_configfile="/usr/local/etc/nrpe.cfg"
+[ -z "\${nrpe2_pidfile}" ] && nrpe2_pidfile="/var/run/nrpe2.pid"
+
+load_rc_config "\${name}"
+
+pidfile="\${nrpe2_pidfile}"
+
+required_files="\${nrpe2_configfile}"
+command_args="\${command_args} -c \${nrpe2_configfile}"
+
+run_rc_command "$1"
+EOD;
+ fwrite($fd, $rc_file);
+ fclose($fd);
+
+ conf_mount_ro();
+}
+
+function nrpe2_custom_php_deinstall_command()
+{
+ global $g, $config;
+ conf_mount_rw();
+
+ conf_mount_ro();
+}
+
+function nrpe2_custom_php_write_config()
+{
+ global $g, $config;
+
+ foreach ($config['installedpackages']['nrpe2']['config'][0]['row'] as $cmd)
+ {
+ $cmds[] = "command[{$cmd['name']}]=/usr/local/libexec/nagios/{$cmd['command']} -w {$cmd['warning']} -c {$cmd['critical']} {$cmd['extra']}\n";
+ }
+ $commands = implode($cmds);
+
+ $server_port = $config['installedpackages']['nrpe2']['config'][0]['server_port'];
+ $server_address = $config['installedpackages']['nrpe2']['config'][0]['server_address'];
+ $allowed_hosts = $config['installedpackages']['nrpe2']['config'][0]['allowed_hosts'];
+
+ $fd = fopen('/usr/local/etc/nrpe.cfg', 'w');
+ $nrpe_cfg = <<<EOD
+log_facility=daemon
+pid_file=/var/run/nrpe2.pid
+server_port={$server_port}
+server_address={$server_address}
+nrpe_user=nagios
+nrpe_group=nagios
+allowed_hosts={$allowed_hosts}
+dont_blame_nrpe=0
+debug=0
+command_timeout=60
+connection_timeout=300
+{$commands}
+EOD;
+ fwrite($fd, $nrpe_cfg);
+ fclose($fd);
+}
+
+function nrpe2_custom_php_service()
+{
+ global $g, $config;
+
+ if ($config['installedpackages']['nrpe2']['config'][0]['enabled'] == "on")
+ {
+ exec("/usr/local/etc/rc.d/nrpe2 restart");
+ }
+ else
+ {
+ exec("/usr/local/etc/rc.d/nrpe2 stop");
+ }
+}
+
+?> \ No newline at end of file
diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml
new file mode 100644
index 00000000..723bbba9
--- /dev/null
+++ b/config/nrpe2/nrpe2.xml
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<packagegui>
+ <description>Nagios NRPEv2</description>
+ <requirements>Describe your package requirements here</requirements>
+ <name>nrpe2</name>
+ <version>2.11</version>
+ <title>NRPEv2</title>
+ <aftersaveredirect>/pkg_edit.php?xml=nrpe2.xml&amp;id=0</aftersaveredirect>
+ <include_file>/usr/local/pkg/nrpe2.inc</include_file>
+ <menu>
+ <name>NRPEv2</name>
+ <tooltiptext></tooltiptext>
+ <section>Services</section>
+ <url>/pkg_edit.php?xml=nrpe2.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>NRPEv2</name>
+ <rcfile>nrpe2</rcfile>
+ <executable>nrpe2</executable>
+ <description>Nagios NRPE Daemon</description>
+ </service>
+ <configpath>installedpackages->package->nrpe2</configpath>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/nrpe2/nrpe2.inc</item>
+ </additional_files_needed>
+ <fields>
+ <field>
+ <type>listtopic</type>
+ <name>NRPE Options</name>
+ <fieldname>temp</fieldname>
+ </field>
+ <field>
+ <fielddescr>Enabled</fielddescr>
+ <fieldname>enabled</fieldname>
+ <description>Check this to enable NRPE daemon</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <type>listtopic</type>
+ <name>Configuration Options</name>
+ <fieldname>temp</fieldname>
+ </field>
+ <field>
+ <fielddescr>Port Number</fielddescr>
+ <fieldname>server_port</fieldname>
+ <description>Port number we should wait for connections on. (Default: 5666)</description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Bind IP Address</fielddescr>
+ <fieldname>server_address</fieldname>
+ <description>Set this to the IP address of the interface you want the daemon to listen on.</description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Nagios Server(s)</fielddescr>
+ <fieldname>allowed_hosts</fieldname>
+ <description>IP Address of Nagios server, usualy a single IP, but if multiple delimit by comma</description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <type>listtopic</type>
+ <name>Commands</name>
+ <fieldname>temp</fieldname>
+ </field>
+ <field>
+ <fielddescr>Command Definitions that the Nagios server can call via the NRPE daemon.</fielddescr>
+ <fieldname>none</fieldname>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>Name (Allowed Characters: a-zA-Z_)</fielddescr>
+ <fieldname>name</fieldname>
+ <type>input</type>
+ <size>20</size>
+ <required/>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Command</fielddescr>
+ <fieldname>command</fieldname>
+ <type>select</type>
+ <options>
+ <option><name></name><value></value></option>
+ <option><name>check_dhcp</name><value>check_dhcp</value></option>
+ <option><name>check_dig</name><value>check_dig</value></option>
+ <option><name>check_disk</name><value>check_disk</value></option>
+ <option><name>check_dns</name><value>check_dns</value></option>
+ <option><name>check_file_age</name><value>check_file_age</value></option>
+ <option><name>check_http</name><value>check_http</value></option>
+ <option><name>check_icmp</name><value>check_icmp</value></option>
+ <option><name>check_ifoperstatus</name><value>check_ifoperstatus</value></option>
+ <option><name>check_ifstatus</name><value>check_ifstatus</value></option>
+ <option><name>check_load</name><value>check_load</value></option>
+ <option><name>check_log</name><value>check_log</value></option>
+ <option><name>check_nntp</name><value>check_nntp</value></option>
+ <option><name>check_nntps</name><value>check_nntps</value></option>
+ <option><name>check_ntp</name><value>check_ntp</value></option>
+ <option><name>check_ntp_peer</name><value>check_ntp_peer</value></option>
+ <option><name>check_ntp_time</name><value>check_ntp_time</value></option>
+ <option><name>check_oracle</name><value>check_oracle</value></option>
+ <option><name>check_ping</name><value>check_ping</value></option>
+ <option><name>check_procs</name><value>check_procs</value></option>
+ <option><name>check_rpc</name><value>check_rpc</value></option>
+ <option><name>check_ssh</name><value>check_ssh</value></option>
+ <option><name>check_swap</name><value>check_swap</value></option>
+ <option><name>check_tcp</name><value>check_tcp</value></option>
+ <option><name>check_time</name><value>check_time</value></option>
+ <option><name>check_udp</name><value>check_udp</value></option>
+ <option><name>check_ups</name><value>check_ups</value></option>
+ <option><name>check_users</name><value>check_users</value></option>
+ </options>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Warning Level</fielddescr>
+ <fieldname>warning</fieldname>
+ <description>At which level do you want a warning to be alerted on?</description>
+ <type>input</type>
+ <size>15</size>
+ <required/>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Critical Level</fielddescr>
+ <fieldname>critical</fieldname>
+ <description>At which level do you want a warning to be alerted on?</description>
+ <type>input</type>
+ <size>15</size>
+ <required/>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Extra Options</fielddescr>
+ <fieldname>extra</fieldname>
+ <description>Warning! Use at your own risk, incorrect settings here may prevent NRPE from starting!</description>
+ <type>input</type>
+ <size>25</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ </fields>
+ <custom_delete_php_command>
+ nrpe2_custom_php_write_config();
+ nrpe2_custom_php_service();
+ </custom_delete_php_command>
+ <custom_add_php_command>
+ nrpe2_custom_php_write_config();
+ nrpe2_custom_php_service();
+ </custom_add_php_command>
+ <custom_php_install_command>
+ nrpe2_custom_php_install_command();
+ nrpe2_custom_php_write_config();
+ nrpe2_custom_php_service();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ nrpe2_custom_php_deinstall_command();
+ nrpe2_custom_php_write_config();
+ </custom_php_deinstall_command>
+ <custom_php_resync_config_command>
+ </custom_php_resync_config_command>
+ <custom_php_command_before_form>
+ unset($_POST['temp']);
+ </custom_php_command_before_form>
+</packagegui>
diff --git a/config/nut/nut.inc b/config/nut/nut.inc
index a8465dce..987dbe83 100644
--- a/config/nut/nut.inc
+++ b/config/nut/nut.inc
@@ -172,6 +172,7 @@
$remoteaddr = nut_config('remoteaddr');
$remoteuser = nut_config('remoteuser');
$remotepass = nut_config('remotepass');
+ $shutdownflag = (nut_config('powerdown') == 'on') ? '-p' : '-h';
if(!($remotename && $remoteaddr && $remoteuser && $remotepass))
return false;
@@ -180,7 +181,7 @@
$upsmon_conf = <<<EOD
MONITOR {$remotename}@{$remoteaddr} 1 {$remoteuser} {$remotepass} slave
MINSUPPLIES 1
-SHUTDOWNCMD "/sbin/shutdown -h +0"
+SHUTDOWNCMD "/sbin/shutdown {$shutdownflag} +0"
POWERDOWNFLAG /etc/killpower
EOD;
@@ -218,6 +219,8 @@ EOD;
$allowaddr = nut_config('allowaddr');
$allowuser = nut_config('allowuser');
$allowpass = nut_config('allowpass');
+ $shutdownflag = (nut_config('powerdown') == 'on') ? '-p' : '-h';
+
if(!($name && $driver && $port))
return false;
@@ -276,7 +279,7 @@ EOD;
$upsmon_conf = <<<EOD
MONITOR {$name}@localhost 1 monuser mypass master
MINSUPPLIES 1
-SHUTDOWNCMD "/sbin/shutdown -h +0"
+SHUTDOWNCMD "/sbin/shutdown {$shutdownflag} +0"
POWERDOWNFLAG /etc/killpower
EOD;
diff --git a/config/nut/nut.xml b/config/nut/nut.xml
index fdaa6295..0bd91adf 100644
--- a/config/nut/nut.xml
+++ b/config/nut/nut.xml
@@ -468,6 +468,11 @@
</options>
</field>
<field>
+ <fielddescr>Power Down Instead of Halt</fielddescr>
+ <fieldname>powerdown</fieldname>
+ <type>checkbox</type>
+ </field>
+ <field>
<fielddescr>Local Remote Access Address &lt;br&gt;(ex: 192.168.1.0/24)</fielddescr>
<fieldname>allowaddr</fieldname>
<type>input</type>
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 8e64c683..c786f0d9 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -79,6 +79,10 @@ function openbgpd_install_conf() {
if($neighbor['groupname'] == $group['name']) {
$conffile .= " neighbor {$neighbor['neighbor']} {\n";
$conffile .= " descr \"{$neighbor['descr']}\"\n";
+ if($neighbor['md5sigpass'])
+ $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n";
+ if($neighbor['md5sigkey'])
+ $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n";
foreach($neighbor['row'] as $row) {
$conffile .= " {$row['paramaters']} {$row['parmvalue']} \n";
}
@@ -130,7 +134,7 @@ function openbgpd_install_conf() {
$fd = fopen("/usr/local/etc/rc.d/bgpd.sh","w");
fwrite($fd, "#!/bin/sh\n\n");
fwrite($fd, "# This file was created by the pfSense package manager. Do not edit!\n\n");
- fwrite($fd, "bgpd\n");
+ fwrite($fd, "/usr/local/sbin/bgpd -f /usr/local/etc/bgpd.conf\n");
fclose($fd);
exec("chmod a+rx /usr/local/etc/rc.d/bgpd.sh");
exec("chmod a-rw /usr/local/etc/bgpd.conf");
diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml
index 4b85dbd0..3bb37f7d 100644
--- a/config/openbgpd/openbgpd.xml
+++ b/config/openbgpd/openbgpd.xml
@@ -45,6 +45,11 @@
<version>1</version>
<title>Services: OpenBGPD</title>
<include_file>/usr/local/pkg/openbgpd.inc</include_file>
+ <service>
+ <name>bgpd</name>
+ <rcfile>bgpd.sh</rcfile>
+ <executable>bgpd</executable>
+ </service>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
<chmod>077</chmod>
diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml
index cc170c0b..28fa87ab 100644
--- a/config/openbgpd/openbgpd_neighbors.xml
+++ b/config/openbgpd/openbgpd_neighbors.xml
@@ -106,6 +106,18 @@
</options>
</field>
<field>
+ <fielddescr>MD5 Signature Password</fielddescr>
+ <fieldname>md5sigpass</fieldname>
+ <description></description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>MD5 Signature Key</fielddescr>
+ <fieldname>md5sigkey</fieldname>
+ <description></description>
+ <type>input</type>
+ </field>
+ <field>
<fielddescr>none</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
diff --git a/config/openbgpd/openbgpd_status.php b/config/openbgpd/openbgpd_status.php
index 912539ce..5660734f 100644
--- a/config/openbgpd/openbgpd_status.php
+++ b/config/openbgpd/openbgpd_status.php
@@ -160,7 +160,5 @@ defCmdT("OpenBGPD Neighbors","bgpctl show neighbor");
<?php include("fend.inc"); ?>
-<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>">
-
</body>
</html>
diff --git a/config/ovpnenhance/openvpn.inc_tls b/config/ovpnenhance/openvpn.inc_tls
new file mode 100644
index 00000000..9ea4c7da
--- /dev/null
+++ b/config/ovpnenhance/openvpn.inc_tls
@@ -0,0 +1,668 @@
+<?php
+
+/* $Id: openvpn.inc,v 1.55 2007/06/30 21:20:11 sullrich Exp $ */
+/*
+ $RCSfile: openvpn.inc,v $
+ Copyright (C) 2006 Fernando Lemos
+ All rights reserved.
+
+ Copyright (C) 2005 Peter Allgeyer <allgeyer_AT_web.de>
+ All rights reserved.
+
+ Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notices,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notices, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once('config.inc');
+require_once('pfsense-utils.inc');
+require_once('util.inc');
+
+// Return the list of ciphers OpenVPN supports
+function openvpn_get_ciphers($pkg) {
+ foreach ($pkg['fields']['field'] as $i => $field) {
+ if ($field['fieldname'] == 'crypto') break;
+ }
+ $option_array = &$pkg['fields']['field'][$i]['options']['option'];
+ $ciphers_out = shell_exec('openvpn --show-ciphers | grep "default key" | awk \'{print $1, "(" $2 "-" $3 ")";}\'');
+ $ciphers = explode("\n", trim($ciphers_out));
+ sort($ciphers);
+ foreach ($ciphers as $cipher) {
+ $value = explode(' ', $cipher);
+ $value = $value[0];
+ $option_array[] = array('value' => $value, 'name' => $cipher);
+ }
+}
+
+
+function openvpn_validate_port($value, $name) {
+ $value = trim($value);
+ if (!empty($value) && !(is_numeric($value) && ($value > 0) && ($value < 65535)))
+ return "The field '$name' must contain a valid port, ranging from 0 to 65535.";
+ return false;
+}
+
+
+function openvpn_validate_cidr($value, $name) {
+ $value = trim($value);
+ if (!empty($value)) {
+ list($ip, $mask) = explode('/', $value);
+ if (!is_ipaddr($ip) or !is_numeric($mask) or ($mask > 32) or ($mask < 0))
+ return "The field '$name' must contain a valid CIDR range.";
+ }
+ return false;
+}
+
+
+// Do the input validation
+function openvpn_validate_input($mode, $post, $input_errors) {
+ $Mode = ucfirst($mode);
+
+ if ($mode == 'server') {
+ if ($result = openvpn_validate_port($post['local_port'], 'Local port'))
+ $input_errors[] = $result;
+
+ if ($result = openvpn_validate_cidr($post['addresspool'], 'Address pool'))
+ $input_errors[] = $result;
+
+ if ($result = openvpn_validate_cidr($post['local_network'], 'Local network'))
+ $input_errors[] = $result;
+
+/* check for port in use - update of existing entries not possible because $_GET['act'] is not passed from pkg_edit.php :-( mfuchs
+ $portinuse = shell_exec('sockstat | grep '.$post['local_port'].' | grep '.strtolower($post['protocol']));
+ if (!empty($portinuse))
+ $input_errors[] = 'The port '.$post['local_port'].'/'.strtolower($post['protocol']).' is already in use.';
+*/
+
+ if (!empty($post['dhcp_dns'])) {
+ $servers = explode(';', $post['dhcp_dns']);
+ foreach ($servers as $server) if (!is_ipaddr($server))
+ {$input_errors[] = 'The field \'DHCP-Opt.: DNS-Server\' must contain a valid IP address and no whitespaces.';
+ break;}}
+ if (!empty($post['dhcp_wins'])) {
+ $servers = explode(';', $post['dhcp_wins']);
+ foreach ($servers as $server) if (!is_ipaddr($server))
+ {$input_errors[] = 'The field \'DHCP-Opt.: WINS-Server\' must contain a valid IP address and no whitespaces.';
+ break;}}
+ if (!empty($post['dhcp_nbdd'])) {
+ $servers = explode(';', $post['dhcp_nbdd']);
+ foreach ($servers as $server) if (!is_ipaddr($server))
+ {$input_errors[] = 'The field \'DHCP-Opt.: NBDD-Server\' must contain a valid IP address and no whitespaces.';
+ break;}}
+ if (!empty($post['dhcp_ntp'])) {
+ $servers = explode(';', $post['dhcp_ntp']);
+ foreach ($servers as $server) if (!is_ipaddr($server))
+ {$input_errors[] = 'The field \'DHCP-Opt.: NTP-Server\' must contain a valid IP address and no whitespaces.';
+ break;}}
+ if (isset($post['maxclients']) && $post['maxclients'] != "") {
+ if (!is_numeric($post['maxclients']))
+ $input_errors[] = 'The field \'Maximum clients\' must be numeric.';
+ }
+
+ }
+
+ else { // Client mode
+ if ($result = openvpn_validate_port($post['serverport'], 'Server port'))
+ $input_errors[] = $result;
+
+ $server_addr = trim($post['serveraddr']);
+ if (!empty($value) && !(is_domain($server_addr) || is_ipaddr($server_addr)))
+ $input_errors[] = 'The field \'Server address\' must contain a valid IP address or domain name.';
+
+ if ($result = openvpn_validate_cidr($post['interface_ip'], 'Interface IP'))
+ $input_errors[] = $result;
+
+ if ($post['auth_method'] == 'shared_key') {
+ if (empty($post['interface_ip']))
+ $input_errors[] = 'The field \'Interface IP\' is required.';
+ }
+ if (isset($post['proxy_hostname']) && $post['proxy_hostname'] != "") {
+ if (!is_domain($post['proxy_hostname']) || is_ipaddr($post['proxy_hostname']))
+ $input_errors[] = 'The field \'Proxy Host\' must contain a valid IP address or domain name.';
+ if (!is_port($post['proxy_port']))
+ $input_errors[] = 'The field \'Proxy port\' must contain a valid port number.';
+ if ($post['protocol'] != "TCP")
+ $input_errors[] = 'The protocol must be TCP to use a HTTP proxy server.';
+ }
+ if (isset($post['use_shaper']) && $post['use_shaper'] != "") {
+ if (!is_numeric($post['use_shaper']))
+ $input_errors[] = 'The field \'Limit outgoing bandwidth\' must be numeric.';
+ }
+
+ }
+
+ if ($result = openvpn_validate_cidr($post['remote_network'], 'Remote network'))
+ $input_errors[] = $result;
+
+ if ($_POST['auth_method'] == 'shared_key') {
+ $reqfields[] = 'shared_key';
+ $reqfieldsn[] = 'Shared key';
+ }
+ else {
+ $req = explode(' ', "ca_cert {$mode}_cert {$mode}_key");
+ $reqn = array( 'CA certificate',
+ ucfirst($mode) . ' certificate',
+ ucfirst($mode) . ' key');
+ $reqfields = array_merge($reqfields, $req);
+ $reqfieldsn = array_merge($reqfieldsn, $reqn);
+ if ($mode == 'server') {
+ $reqfields[] = 'dh_params';
+ $reqfieldsn[] = 'DH parameters';
+ }
+ }
+ do_input_validation($post, $reqfields, $reqfieldsn, &$input_errors);
+
+ $value = trim($post['shared_key']);
+ $items = array();
+
+ if ($_POST['auth_method'] == 'shared_key') {
+ $items[] = array( 'field' => 'shared_key',
+ 'string' => 'OpenVPN Static key V1',
+ 'name' => 'Shared key');
+ }
+ else {
+ $items[] = array( 'field' => 'ca_cert',
+ 'string' => 'CERTIFICATE',
+ 'name' => 'CA certificate');
+ $items[] = array( 'field' => "{$mode}_cert",
+ 'string' => 'CERTIFICATE',
+ 'name' => "$Mode certificate");
+ $items[] = array( 'field' => "{$mode}_key",
+ 'string' => 'RSA PRIVATE KEY',
+ 'name' => "$Mode key");
+ $items[] = array( 'field' => 'tls',
+ 'string' => 'OpenVPN Static key V1',
+ 'name' => 'TLS');
+ if ($mode == 'server') {
+ $items[] = array( 'field' => 'dh_params',
+ 'string' => 'DH PARAMETERS',
+ 'name' => 'DH parameters');
+ $items[] = array( 'field' => 'crl',
+ 'string' => 'X509 CRL',
+ 'name' => 'CRL');
+ }
+ }
+ foreach ($items as $item) {
+ $value = trim($_POST[$item['field']]);
+ $string = $item['string'];
+ if ($value && (!strstr($value, "-----BEGIN {$string}-----") || !strstr($value, "-----END {$string}-----")))
+ $input_errors[] = "The field '{$item['name']}' does not appear to be valid";
+ }
+}
+
+
+function openvpn_validate_input_csc($post, $input_errors) {
+ if ($result = openvpn_validate_cidr($post['ifconfig_push'], 'Interface IP'))
+ $input_errors[] = $result;
+
+ if ($post['push_reset'] != 'on') {
+ if (!empty($post['dhcp_domainname']))
+ $input_errors[] = 'It makes no sense to unselect push reset and configure dhcp-options';
+ elseif (!empty($post['dhcp_dns']))
+ $input_errors[] = 'It makes no sense to unselect push reset and configure dhcp-options';
+ elseif (!empty($post['dhcp_wins']))
+ $input_errors[] = 'It makes no sense to unselect push reset and configure dhcp-options';
+ elseif (!empty($post['dhcp_nbdd']))
+ $input_errors[] = 'It makes no sense to unselect push reset and configure dhcp-options';
+ elseif (!empty($post['dhcp_ntp']))
+ $input_errors[] = 'It makes no sense to unselect push reset and configure dhcp-options';
+ elseif ($post['dhcp_nbttype'])
+ $input_errors[] = 'It makes no sense to unselect push reset and configure dhcp-options';
+ elseif (!empty($post['dhcp_nbtscope']))
+ $input_errors[] = 'It makes no sense to unselect push reset and configure dhcp-options';
+ elseif ($post['dhcp_nbtdisable'])
+ $input_errors[] = 'It makes no sense to unselect push reset and configure dhcp-options';
+
+ }
+ else {
+
+ if (!empty($post['dhcp_dns'])) {
+ $servers = explode(';', $post['dhcp_dns']);
+ foreach ($servers as $server) if (!is_ipaddr($server))
+ {$input_errors[] = 'The field \'DHCP-Opt.: DNS-Server\' must contain a valid IP address and no whitespaces.';
+ break;}}
+ if (!empty($post['dhcp_wins'])) {
+ $servers = explode(';', $post['dhcp_wins']);
+ foreach ($servers as $server) if (!is_ipaddr($server))
+ {$input_errors[] = 'The field \'DHCP-Opt.: WINS-Server\' must contain a valid IP address and no whitespaces.';
+ break;}}
+ if (!empty($post['dhcp_nbdd'])) {
+ $servers = explode(';', $post['dhcp_nbdd']);
+ foreach ($servers as $server) if (!is_ipaddr($server))
+ {$input_errors[] = 'The field \'DHCP-Opt.: NBDD-Server\' must contain a valid IP address and no whitespaces.';
+ break;}}
+ if (!empty($post['dhcp_ntp'])) {
+ $servers = explode(';', $post['dhcp_ntp']);
+ foreach ($servers as $server) if (!is_ipaddr($server))
+ {$input_errors[] = 'The field \'DHCP-Opt.: NTP-Server\' must contain a valid IP address and no whitespaces.';
+ break;}}
+
+}}
+
+// Rewrite the settings
+function openvpn_reconfigure($mode, $id) {
+ global $g, $config;
+
+ $settings = $config['installedpackages']["openvpn$mode"]['config'][$id];
+ if ($settings['disable']) return;
+
+ $lport = 1194 + $id;
+
+ // Set the keys up
+ // Note that the keys' extension is also the directive that goes to the config file
+ $base_file = $g['varetc_path'] . "/openvpn_{$mode}{$id}.";
+ $keys = array();
+ if ($settings['auth_method'] == 'shared_key')
+ $keys[] = array('field' => 'shared_key', 'ext' => 'secret', 'directive' => 'secret');
+ else {
+ $keys[] = array('field' => 'ca_cert', 'ext' => 'ca', 'directive' => 'ca');
+ $keys[] = array('field' => "{$mode}_cert", 'ext' => 'cert', 'directive' => 'cert');
+ $keys[] = array('field' => "{$mode}_key", 'ext' => 'key', 'directive' => 'key');
+ if ($mode == 'server')
+ $keys[] = array('field' => 'dh_params', 'ext' => 'dh', 'directive' => 'dh');
+ if ($settings['crl'])
+ $keys[] = array('field' => 'crl', 'ext' => 'crl', 'directive' => 'crl-verify');
+ if ($settings['tls'])
+ $keys[] = array('field' => 'tls', 'ext' => 'tls', 'directive' => 'tls-auth');
+
+ }
+ foreach($keys as $key) {
+ $filename = $base_file . $key['ext'];
+ file_put_contents($filename, base64_decode($settings[$key['field']]));
+ chown($filename, 'nobody');
+ chgrp($filename, 'nobody');
+ }
+
+ $pidfile = $g['varrun_path'] . "/openvpn_{$mode}{$id}.pid";
+ $proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}");
+ $cipher = $settings['crypto'];
+ $openvpn_conf = <<<EOD
+writepid $pidfile
+#user nobody
+#group nobody
+daemon
+keepalive 10 60
+ping-timer-rem
+persist-tun
+persist-key
+dev tun
+proto $proto
+cipher $cipher
+up /etc/rc.filter_configure
+down /etc/rc.filter_configure
+
+EOD;
+
+ // Mode-specific stuff
+ if ($mode == 'server') {
+ list($ip, $mask) = explode('/', $settings['addresspool']);
+ $mask = gen_subnet_mask($mask);
+
+ // Using a shared key or not dynamically assigning IPs to the clients
+ if (($settings['auth_method'] == 'shared_key') || ($settings['nopool'] == 'on')) {
+ if ($settings['auth_method'] == 'pki') $openvpn_conf .= "tls-server\n";
+
+ $baselong = ip2long($ip) & ip2long($mask);
+ $ip1 = long2ip($baselong + 1);
+ $ip2 = long2ip($baselong + 2);
+ $openvpn_conf .= "ifconfig $ip1 $ip2\n";
+ }
+ // Using a PKI
+ else if ($settings['auth_method'] == 'pki') {
+ if ($settings['client2client']) $openvpn_conf .= "client-to-client\n";
+ $openvpn_conf .= "server $ip $mask\n";
+ $csc_dir = "{$g['varetc_path']}/openvpn_csc";
+ $openvpn_conf .= "client-config-dir $csc_dir\n";
+ }
+
+ // We can push routes
+ if (!empty($settings['local_network'])) {
+ list($ip, $mask) = explode('/', $settings['local_network']);
+ $mask = gen_subnet_mask($mask);
+ $openvpn_conf .= "push \"route $ip $mask\"\n";
+ }
+
+ // The port we'll listen at
+ $openvpn_conf .= "lport {$settings['local_port']}\n";
+
+ // DHCP-Options
+ if (!empty($settings['dhcp_domainname'])) $openvpn_conf .= "push \"dhcp-option DOMAIN {$settings['dhcp_domainname']}\"\n";
+
+ if (!empty($settings['dhcp_dns'])) {
+ $servers = explode(';', $settings['dhcp_dns']);
+ if (is_array($servers)) {
+ foreach ($servers as $server) $openvpn_conf .= "push \"dhcp-option DNS {$server}\"\n";
+ }
+ else {
+ $openvpn_conf .= "push \"dhcp-option DNS {$settings['dhcp_dns']}\"\n";
+ }
+ }
+
+ if (!empty($settings['dhcp_wins'])) {
+ $servers = explode(';', $settings['dhcp_wins']);
+ if (is_array($servers)) {
+ foreach ($servers as $server) $openvpn_conf .= "push \"dhcp-option WINS {$server}\"\n";
+ }
+ else {
+ $openvpn_conf .= "push \"dhcp-option WINS {$settings['dhcp_wins']}\"\n";
+ }
+ }
+
+ if (!empty($settings['dhcp_nbdd'])) {
+ $servers = explode(';', $settings['dhcp_nbdd']);
+ if (is_array($servers)) {
+ foreach ($servers as $server) $openvpn_conf .= "push \"dhcp-option NBDD {$server}\"\n";
+ }
+ else {
+ $openvpn_conf .= "push \"dhcp-option NBDD {$settings['dhcp_nbdd']}\"\n";
+ }
+ }
+
+ if (!empty($settings['dhcp_ntp'])) {
+ $servers = explode(';', $settings['dhcp_ntp']);
+ if (is_array($servers)) {
+ foreach ($servers as $server) $openvpn_conf .= "push \"dhcp-option NTP {$server}\"\n";
+ }
+ else {
+ $openvpn_conf .= "push \"dhcp-option NTP {$settings['dhcp_ntp']}\"\n";
+ }
+ }
+
+ if (!empty($settings['dhcp_nbttype']) && $settings['dhcp_nbttype'] !=0) $openvpn_conf .= "push \"dhcp-option NBT {$settings['dhcp_nbttype']}\"\n";
+ if (!empty($settings['dhcp_nbtscope'])) $openvpn_conf .= "push \"dhcp-option NBS {$settings['dhcp_nbtscope']}\"\n";
+ if (!empty($settings['dhcp_nbtdisable'])) $openvpn_conf .= "push \"dhcp-option DISABLE-NBT\"\n";
+ if (!empty($settings['tls'])) $openvpn_conf .= "tls-auth {$g['varetc_path']}/openvpn_server{$id}.tls 0\n";
+ if (!empty($settings['maxclients'])) $openvpn_conf .= "max-clients {$settings['maxclients']}\n";
+ if ($settings['gwredir']) $openvpn_conf .= "push \"redirect-gateway def1\"\n";
+ }
+
+ else { // $mode == client
+ // The remote server
+ $openvpn_conf .= "remote {$settings['serveraddr']} {$settings['serverport']}\n";
+
+ if ($settings['auth_method'] == 'pki') $openvpn_conf .= "client\n";
+
+ if ($settings['use_dynamicport']) $openvpn_conf .= "nobind\n";
+ else
+ // The port we'll listen at
+ $openvpn_conf .= "lport {$lport}\n";
+
+ if (!empty($settings['use_shaper'])) $openvpn_conf .= "shaper {$settings['use_shaper']}\n";
+
+ if (!empty($settings['interface_ip'])) {
+ // Configure the IPs according to the address pool
+ list($ip, $mask) = explode('/', $settings['interface_ip']);
+ $mask = gen_subnet_mask($mask);
+ $baselong = ip2long($ip) & ip2long($mask);
+ $ip1 = long2ip($baselong + 1);
+ $ip2 = long2ip($baselong + 2);
+ $openvpn_conf .= "ifconfig $ip2 $ip1\n";
+ }
+ if (isset($settings['proxy_hostname']) && $settings['proxy_hostname'] != "") {
+ /* ;http-proxy-retry # retry on connection failures */
+ $openvpn_conf .= "http-proxy {$settings['proxy_hostname']} {$settings['proxy_port']}\n";
+ }
+
+ if (!empty($settings['tls'])) $openvpn_conf .= "tls-auth {$g['varetc_path']}/openvpn_client{$id}.tls 1\n";
+
+ }
+
+ // Add the routes if they're set
+ if (!empty($settings['remote_network'])) {
+ list($ip, $mask) = explode('/', $settings['remote_network']);
+ $mask = gen_subnet_mask($mask);
+ $openvpn_conf .= "route $ip $mask\n";
+ }
+
+ // Write the settings for the keys
+ foreach ($keys as $key)
+ if ($key['directive'] != 'tls-auth') {
+ $openvpn_conf .= $key['directive'] . ' ' . $base_file . $key['ext'] . "\n";
+ }
+
+ if ($settings['use_lzo']) $openvpn_conf .= "comp-lzo\n";
+
+ if ($settings['passtos']) $openvpn_conf .= "passtos\n";
+
+ if ($settings['infiniteresolvretry']) $openvpn_conf .= "resolv-retry infinite\n";
+
+ if ($settings['dynamic_ip']) {
+ $openvpn_conf .= "persist-remote-ip\n";
+ $openvpn_conf .= "float\n";
+ }
+
+ if (!empty($settings['custom_options'])) {
+ $options = explode(';', $settings['custom_options']);
+ if (is_array($options)) {
+ foreach ($options as $option)
+ $openvpn_conf .= "$option\n";
+ }
+ else {
+ $openvpn_conf .= "{$settings['custom_options']}\n";
+ }
+ }
+
+ file_put_contents($g['varetc_path'] . "/openvpn_{$mode}{$id}.conf", $openvpn_conf);
+}
+
+
+function openvpn_resync_csc($id) {
+ global $g, $config;
+
+ $settings = $config['installedpackages']['openvpncsc']['config'][$id];
+
+ if ($settings['disable'] == 'on') {
+ $filename = "{$g['varetc_path']}/openvpn_csc/{$settings['commonname']}";
+ unlink_if_exists($filename);
+ return;
+ }
+
+ $conf = '';
+ if ($settings['block'] == 'on') $conf .= "disable\n";
+ if ($settings['push_reset'] == 'on') $conf .= "push-reset\n";
+ if (!empty($settings['ifconfig_push'])) {
+ list($ip, $mask) = explode('/', $settings['ifconfig_push']);
+ $baselong = ip2long($ip) & gen_subnet_mask_long($mask);
+ $conf .= 'ifconfig-push ' . long2ip($baselong + 1) . ' ' . long2ip($baselong + 2) . "\n";
+ }
+
+// DHCP-Options
+ if (!empty($settings['dhcp_domainname'])) $conf .= "push \"dhcp-option DOMAIN {$settings['dhcp_domainname']}\"\n";
+
+ if (!empty($settings['dhcp_dns'])) {
+ $servers = explode(';', $settings['dhcp_dns']);
+ if (is_array($servers)) {
+ foreach ($servers as $server) $conf .= "push \"dhcp-option DNS {$server}\"\n";
+ }
+ else {
+ $conf .= "push \"dhcp-option DNS {$settings['dhcp_dns']}\"\n";
+ }
+ }
+
+ if (!empty($settings['dhcp_wins'])) {
+ $servers = explode(';', $settings['dhcp_wins']);
+ if (is_array($servers)) {
+ foreach ($servers as $server) $conf .= "push \"dhcp-option WINS {$server}\"\n";
+ }
+ else {
+ $conf .= "push \"dhcp-option WINS {$settings['dhcp_wins']}\"\n";
+ }
+ }
+
+ if (!empty($settings['dhcp_nbdd'])) {
+ $servers = explode(';', $settings['dhcp_nbdd']);
+ if (is_array($servers)) {
+ foreach ($servers as $server) $conf .= "push \"dhcp-option NBDD {$server}\"\n";
+ }
+ else {
+ $conf .= "push \"dhcp-option NBDD {$settings['dhcp_nbdd']}\"\n";
+ }
+ }
+
+ if (!empty($settings['dhcp_ntp'])) {
+ $servers = explode(';', $settings['dhcp_ntp']);
+ if (is_array($servers)) {
+ foreach ($servers as $server) $conf .= "push \"dhcp-option NTP {$server}\"\n";
+ }
+ else {
+ $conf .= "push \"dhcp-option NTP {$settings['dhcp_ntp']}\"\n";
+ }
+ }
+
+ if (!empty($settings['dhcp_nbttype']) && $settings['dhcp_nbttype'] !=0) $conf .= "push \"dhcp-option NBT {$settings['dhcp_nbttype']}\"\n";
+ if (!empty($settings['dhcp_nbtscope'])) $conf .= "push \"dhcp-option NBS {$settings['dhcp_nbtscope']}\"\n";
+ if ($settings['dhcp_nbtdisable']) $conf .= "push \"dhcp-option DISABLE-NBT\"\n";
+ if ($settings['gwredir']) $conf .= "push \"redirect-gateway def1\"\n";
+
+
+ if (!empty($settings['custom_options'])) {
+ $options = explode(';', $settings['custom_options']);
+ if (is_array($options)) {
+ foreach ($options as $option)
+ $conf .= "$option\n";
+ }
+ else {
+ $conf .= "{$settings['custom_options']}\n";
+ }
+ }
+
+ $filename = "{$g['varetc_path']}/openvpn_csc/{$settings['commonname']}";
+ file_put_contents($filename, $conf);
+ chown($filename, 'nobody');
+ chgrp($filename, 'nogroup');
+
+}
+
+
+function openvpn_restart($mode, $id) {
+ global $g, $config;
+
+ $pidfile = $g['varrun_path'] . "/openvpn_{$mode}{$id}.pid";
+ killbypid($pidfile);
+ sleep(2);
+
+ $settings = $config['installedpackages']["openvpn$mode"]['config'][$id];
+ if ($settings['disable']) return;
+
+ $configfile = $g['varetc_path'] . "/openvpn_{$mode}{$id}.conf";
+ mwexec_bg("nohup openvpn --config $configfile");
+ touch("{$g['tmp_path']}/filter_dirty");
+}
+
+
+// Resync the configuration and restart the VPN
+function openvpn_resync($mode, $id) {
+ openvpn_reconfigure($mode, $id);
+ openvpn_restart($mode, $id);
+}
+
+function openvpn_create_cscdir() {
+ global $g;
+
+ $csc_dir = "{$g['varetc_path']}/openvpn_csc";
+ if (is_dir($csc_dir))
+ rmdir_recursive($csc_dir);
+ make_dirs($csc_dir);
+ chown($csc_dir, 'nobody');
+ chgrp($csc_dir, 'nobody');
+}
+
+// Resync and restart all VPNs
+function openvpn_resync_all() {
+ global $config;
+
+ foreach (array('server', 'client') as $mode) {
+ if (is_array($config['installedpackages']["openvpn$mode"]['config'])) {
+ foreach ($config['installedpackages']["openvpn$mode"]['config'] as $id => $settings)
+ openvpn_resync($mode, $id);
+ }
+ }
+
+ openvpn_create_cscdir();
+ if (is_array($config['installedpackages']['openvpncsc']['config'])) {
+ foreach ($config['installedpackages']['openvpncsc']['config'] as $id => $csc)
+ openvpn_resync_csc($id);
+ }
+
+ /* give speedy machines time to settle */
+ sleep(5);
+
+ /* reload the filter policy */
+ filter_configure();
+
+}
+
+function openvpn_print_javascript($mode) {
+ $javascript = <<<EOD
+<script language="JavaScript">
+<!--
+function onAuthMethodChanged() {
+ var method = document.iform.auth_method;
+ var endis = (method.options[method.selectedIndex].value == 'shared_key');
+
+ document.iform.shared_key.disabled = !endis;
+ document.iform.ca_cert.disabled = endis;
+ document.iform.{$mode}_cert.disabled = endis;
+ document.iform.{$mode}_key.disabled = endis;
+ document.iform.tls.disabled = endis;
+
+EOD;
+ if ($mode == 'server') {
+ $javascript .= <<<EOD
+ document.iform.dh_params.disabled = endis;
+ document.iform.crl.disabled = endis;
+ document.iform.tls.disabled = endis;
+ document.iform.nopool.disabled = endis;
+ document.iform.local_network.disabled = endis;
+ document.iform.client2client.disabled = endis;
+ document.iform.maxclients.disabled = endis;
+
+EOD;
+ }
+
+ else { // Client mode
+ $javascript .= "\tdocument.iform.remote_network.disabled = !endis;\n";
+ }
+
+ $javascript .= <<<EOD
+}
+//-->
+</script>
+
+EOD;
+ print($javascript);
+}
+
+
+function openvpn_print_javascript2() {
+ $javascript = <<<EOD
+<script language="JavaScript">
+<!--
+ onAuthMethodChanged();
+//-->
+</script>
+
+EOD;
+ print($javascript);
+}
+?>
diff --git a/config/ovpnenhance/openvpn.xml_tls b/config/ovpnenhance/openvpn.xml_tls
new file mode 100644
index 00000000..e7932e38
--- /dev/null
+++ b/config/ovpnenhance/openvpn.xml_tls
@@ -0,0 +1,329 @@
+<packagegui>
+ <name>openvpnserver</name>
+ <title>OpenVPN: Server</title>
+ <include_file>openvpn.inc</include_file>
+ <delete_string>An OpenVPN server has been deleted.</delete_string>
+ <addedit_string>An OpenVPN server has been created/modified.</addedit_string>
+ <tabs>
+ <tab>
+ <text>Server</text>
+ <url>/pkg.php?xml=openvpn.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Client</text>
+ <url>/pkg.php?xml=openvpn_cli.xml</url>
+ </tab>
+ <tab>
+ <text>Client-specific configuration</text>
+ <url>/pkg.php?xml=openvpn_csc.xml</url>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disabled</fielddescr>
+ <type>checkbox</type>
+ </columnitem>
+ <columnitem>
+ <fieldname>protocol</fieldname>
+ <fielddescr>Protocol</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>addresspool</fieldname>
+ <fielddescr>Address pool</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disable this tunnel</fielddescr>
+ <description>This allows you to disable this tunnel without removing it from the list.</description>
+ <required/>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>protocol</fieldname>
+ <fielddescr>Protocol</fielddescr>
+ <description>The protocol to be used for the VPN.</description>
+ <required/>
+ <type>select</type>
+ <options>
+ <option>
+ <value>TCP</value>
+ <name>TCP</name>
+ </option>
+ <option>
+ <value>UDP</value>
+ <name>UDP</name>
+ </option>
+ </options>
+ <default_value>UDP</default_value>
+ </field>
+ <field>
+ <fieldname>dynamic_ip</fieldname>
+ <fielddescr>Dynamic IP</fielddescr>
+ <description>Assume dynamic IPs, so that DHCP clients can connect.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>local_port</fieldname>
+ <fielddescr>Local port</fielddescr>
+ <description>The port OpenVPN will listen on. You generally want 1194 here.</description>
+ <required/>
+ <type>input</type>
+ <default_value>1194</default_value>
+ <size>5</size>
+ </field>
+ <field>
+ <fieldname>addresspool</fieldname>
+ <fielddescr>Address pool</fielddescr>
+ <description>This is the address pool to be assigned to the clients. Expressed as a CIDR range (eg. 10.0.8.0/24). If the 'Use static IPs' field isn't set, clients will be assigned addresses from this pool. Otherwise, this will be used to set the local interface's IP.</description>
+ <required/>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>nopool</fieldname>
+ <fielddescr>Use static IPs</fielddescr>
+ <description>If this option is set, IPs won't be assigned to clients. Instead, the server will use static IPs on its side, and the clients are expected to use this same value in the 'Address pool' field.</description>
+ <required/>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>local_network</fieldname>
+ <fielddescr>Local network</fielddescr>
+ <description>This is the network that will be accessable from the remote endpoint. Expressed as a CIDR range. You may leave this blank you don't want to add a route to your network through this tunnel in the remote machine. This is generally set to your LAN network.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>remote_network</fieldname>
+ <fielddescr>Remote network</fielddescr>
+ <description>This is a network that will be routed through the tunnel, so that a site-to-site VPN can be established without manually changing the routing tables. Expressed as a CIDR range. If this is a site-to-site VPN, enter here the remote LAN here. You may leave this blank if you don't want a site-to-site VPN.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>client2client</fieldname>
+ <fielddescr>Client-to-client VPN</fielddescr>
+ <description>If this option is set, clients will be able to talk to each other. Otherwise, they will only be able to talk to the server.</description>
+ <required/>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>crypto</fieldname>
+ <fielddescr>Cryptography</fielddescr>
+ <description>Here you can choose the cryptography algorithm to be used.</description>
+ <required/>
+ <type>select</type>
+ <default_value>BF-CBC</default_value>
+ </field>
+ <field>
+ <fieldname>auth_method</fieldname>
+ <fielddescr>Authentication method</fielddescr>
+ <description>The authentication method to be used.</description>
+ <required/>
+ <type>select</type>
+ <options>
+ <option>
+ <value>shared_key</value>
+ <name>Shared key</name>
+ </option>
+ <option>
+ <value>pki</value>
+ <name>PKI (Public Key Infrastructure)</name>
+ </option>
+ </options>
+ <onchange>onAuthMethodChanged()</onchange>
+ </field>
+ <field>
+ <fieldname>shared_key</fieldname>
+ <fielddescr>Shared key</fielddescr>
+ <description>Paste your shared key here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>ca_cert</fieldname>
+ <fielddescr>CA certificate</fielddescr>
+ <description>Paste your CA certificate in X.509 format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>server_cert</fieldname>
+ <fielddescr>Server certificate</fielddescr>
+ <description>Paste your server certificate in X.509 format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>server_key</fieldname>
+ <fielddescr>Server key</fielddescr>
+ <description>Paste your server key in RSA format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>dh_params</fieldname>
+ <fielddescr>DH parameters</fielddescr>
+ <description>Paste your Diffie Hellman parameters in PEM format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>crl</fieldname>
+ <fielddescr>CRL</fielddescr>
+ <description>Paste your certificate revocation list (CRL) in PEM format here (optional).</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>tls</fieldname>
+ <fielddescr>TLS</fielddescr>
+ <description>Paste your HMAC signature (TLS) here (optional).</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>dhcp_domainname</fieldname>
+ <fielddescr>DHCP-Opt.: DNS-Domainname</fielddescr>
+ <description>Set connection-specific DNS Suffix.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_dns</fieldname>
+ <fielddescr>DHCP-Opt.: DNS-Server</fielddescr>
+ <description>Set domain name server addresses, separated by semi-colons (;).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_wins</fieldname>
+ <fielddescr>DHCP-Opt.: WINS-Server</fielddescr>
+ <description>Set WINS server addresses (NetBIOS over TCP/IP Name Server), separated by semi-colons (;).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_nbdd</fieldname>
+ <fielddescr>DHCP-Opt.: NBDD-Server</fielddescr>
+ <description>Set NBDD server addresses (NetBIOS over TCP/IP Datagram Distribution Server), separated by semi-colons (;).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_ntp</fieldname>
+ <fielddescr>DHCP-Opt.: NTP-Server</fielddescr>
+ <description>Set NTP server addresses (Network Time Protocol), separated by semi-colons (;).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_nbttype</fieldname>
+ <fielddescr>DHCP-Opt.: NetBIOS node type</fielddescr>
+ <description>Set NetBIOS over TCP/IP Node type. Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), and h-node (query name server, then broadcast).</description>
+ <type>select</type>
+ <options>
+ <option>
+ <value>0</value>
+ <name>none</name>
+ </option>
+ <option>
+ <value>1</value>
+ <name>b-node</name>
+ </option>
+ <option>
+ <value>2</value>
+ <name>p-node</name>
+ </option>
+ <option>
+ <value>4</value>
+ <name>m-node</name>
+ </option>
+ <option>
+ <value>8</value>
+ <name>h-node</name>
+ </option>
+ </options>
+ <default_value>0</default_value>
+ </field>
+ <field>
+ <fieldname>dhcp_nbtscope</fieldname>
+ <fielddescr>DHCP-Opt.: NetBIOS Scope</fielddescr>
+ <description>Set NetBIOS over TCP/IP Scope. A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_nbtdisable</fieldname>
+ <fielddescr>DHCP-Opt.: Disable NetBIOS</fielddescr>
+ <description>If this option is set, Netbios-over-TCP/IP will be disabled.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>use_lzo</fieldname>
+ <fielddescr>LZO compression</fielddescr>
+ <description>Checking this will compress the packets using the LZO algorithm before sending them.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>maxclients</fieldname>
+ <fielddescr>Maximum clients</fielddescr>
+ <description>The maximum number of concurrently connected clients we want to allow.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>passtos</fieldname>
+ <fielddescr>Pass Type-Of-Service</fielddescr>
+ <description>Checking this will set the TOS field of the tunnel packet to what the payload's TOS is.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>gwredir</fieldname>
+ <fielddescr>Redirect Gateway</fielddescr>
+ <description>Redirect ALL traffic through the OpenVPN server.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>custom_options</fieldname>
+ <fielddescr>Custom options</fielddescr>
+ <description>You can put your own custom options here, separated by semi-colons (;). They'll be added to the server configuration.</description>
+ <type>textarea</type>
+ <cols>65</cols>
+ <rows>5</rows>
+ </field>
+ <field>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ <description>You may enter a description here. This is optional and is not parsed.</description>
+ <type>input</type>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ openvpn_get_ciphers(&amp;$pkg);
+ </custom_php_command_before_form>
+ <custom_php_after_head_command>
+ openvpn_print_javascript('server');
+ </custom_php_after_head_command>
+ <custom_php_after_form_command>
+ openvpn_print_javascript2();
+ </custom_php_after_form_command>
+ <custom_php_validation_command>
+ openvpn_validate_input('server', $_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ openvpn_resync('server', $id);
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/ovpnenhance/openvpn_cli.xml_tls b/config/ovpnenhance/openvpn_cli.xml_tls
new file mode 100644
index 00000000..b9b85cf6
--- /dev/null
+++ b/config/ovpnenhance/openvpn_cli.xml_tls
@@ -0,0 +1,240 @@
+<packagegui>
+ <name>openvpnclient</name>
+ <title>OpenVPN: Client</title>
+ <include_file>openvpn.inc</include_file>
+ <delete_string>An OpenVPN client has been deleted.</delete_string>
+ <addedit_string>An OpenVPN client has been created/modified.</addedit_string>
+ <tabs>
+ <tab>
+ <text>Server</text>
+ <url>/pkg.php?xml=openvpn.xml</url>
+ </tab>
+ <tab>
+ <text>Client</text>
+ <url>/pkg.php?xml=openvpn_cli.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Client-specific configuration</text>
+ <url>/pkg.php?xml=openvpn_csc.xml</url>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disabled</fielddescr>
+ <type>checkbox</type>
+ </columnitem>
+ <columnitem>
+ <fieldname>serveraddr</fieldname>
+ <fielddescr>Server</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>protocol</fieldname>
+ <fielddescr>Protocol</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disable this tunnel</fielddescr>
+ <description>This allows you to disable this tunnel without removing it from the list.</description>
+ <required/>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>protocol</fieldname>
+ <fielddescr>Protocol</fielddescr>
+ <description>The protocol to be used for the VPN.</description>
+ <required/>
+ <type>select</type>
+ <options>
+ <option>
+ <value>TCP</value>
+ <name>TCP</name>
+ </option>
+ <option>
+ <value>UDP</value>
+ <name>UDP</name>
+ </option>
+ </options>
+ <default_value>UDP</default_value>
+ </field>
+ <field>
+ <fieldname>serveraddr</fieldname>
+ <fielddescr>Server address</fielddescr>
+ <description>This is the address OpenVPN will try to connect to in order to establish the tunnel. Set it to the remote endpoint's address.</description>
+ <required/>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>serverport</fieldname>
+ <fielddescr>Server port</fielddescr>
+ <description>The port OpenVPN will use to connect to the server. Most people would want to use 1194 here.</description>
+ <required/>
+ <type>input</type>
+ <default_value>1194</default_value>
+ <size>5</size>
+ </field>
+ <field>
+ <fieldname>interface_ip</fieldname>
+ <fielddescr>Interface IP</fielddescr>
+ <description>This specifies the IPs to be assigned to the local interface. Expressed as a CIDR range. The first address in the range will be set to the remote endpoint of the interface, and the second will be assigned to the local endpoint. For TLS VPNs, the interface IPs are assigned by the server pool.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>remote_network</fieldname>
+ <fielddescr>Remote network</fielddescr>
+ <description>This is the network that will be accessable from your endpoint. Expressed as a CIDR range. You may leave this blank if all you want is to access the VPN clients. You normally want this set to the remote endpoint's LAN network.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>proxy_hostname</fieldname>
+ <fielddescr>Proxy Host</fielddescr>
+ <description>Proxy server hostname.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>proxy_port</fieldname>
+ <fielddescr>Proxy port</fielddescr>
+ <description>The port OpenVPN will use on the proxy server.</description>
+ <type>input</type>
+ <default_value>3128</default_value>
+ <size>5</size>
+ </field>
+ <field>
+ <fieldname>crypto</fieldname>
+ <fielddescr>Cryptography</fielddescr>
+ <description>Here you can choose the cryptography algorithm to be used.</description>
+ <required/>
+ <type>select</type>
+ <default_value>BF-CBC</default_value>
+ </field>
+ <field>
+ <fieldname>auth_method</fieldname>
+ <fielddescr>Authentication method</fielddescr>
+ <description>The authentication method to be used.</description>
+ <required/>
+ <type>select</type>
+ <options>
+ <option>
+ <value>shared_key</value>
+ <name>Shared key</name>
+ </option>
+ <option>
+ <value>pki</value>
+ <name>PKI (Public Key Infrastructure)</name>
+ </option>
+ </options>
+ <onchange>onAuthMethodChanged()</onchange>
+ </field>
+ <field>
+ <fieldname>shared_key</fieldname>
+ <fielddescr>Shared key</fielddescr>
+ <description>Paste your shared key here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>ca_cert</fieldname>
+ <fielddescr>CA certificate</fielddescr>
+ <description>Paste the server's CA certificate in X.509 format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>client_cert</fieldname>
+ <fielddescr>Client certificate</fielddescr>
+ <description>Paste your client certificate in X.509 format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>client_key</fieldname>
+ <fielddescr>Client key</fielddescr>
+ <description>Paste your client key in RSA format here.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>tls</fieldname>
+ <fielddescr>TLS</fielddescr>
+ <description>Paste your HMAC signature (TLS) here (optional).</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>40</cols>
+ </field>
+ <field>
+ <fieldname>use_lzo</fieldname>
+ <fielddescr>LZO compression</fielddescr>
+ <description>Checking this will compress the packets using the LZO algorithm before sending them.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>use_shaper</fieldname>
+ <fielddescr>Limit outgoing bandwidth</fielddescr>
+ <description>Maximum outgoing bandwidth for this tunnel. Leave empty for no limit. The input value has to be something between 100 bytes/sec and 100 Mbytes/sec (entered as bytes per second).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>use_dynamicport</fieldname>
+ <fielddescr>Dynamic sourceport</fielddescr>
+ <description>Checking this will let the openvpn client choose a dynamic sourceport for this connection.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>passtos</fieldname>
+ <fielddescr>Pass Type-Of-Service</fielddescr>
+ <description>Checking this will set the TOS field of the tunnel packet to what the payload's TOS is.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>infiniteresolvretry</fieldname>
+ <fielddescr>Infinitely resolve server</fielddescr>
+ <description>Infinitely retry to resolve the host name of the OpenVPN server. Useful for not permanently internet-connected machines.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>custom_options</fieldname>
+ <fielddescr>Custom options</fielddescr>
+ <description>You can put your own custom options here, separated by semi-colons (;). They'll be added to the client configuration.</description>
+ <type>textarea</type>
+ <cols>65</cols>
+ <rows>5</rows>
+ </field>
+ <field>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ <description>You may enter a description here. This is optional and is not parsed.</description>
+ <type>input</type>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ openvpn_get_ciphers(&amp;$pkg);
+ </custom_php_command_before_form>
+ <custom_php_after_head_command>
+ openvpn_print_javascript('client');
+ </custom_php_after_head_command>
+ <custom_php_after_form_command>
+ openvpn_print_javascript2();
+ </custom_php_after_form_command>
+ <custom_php_validation_command>
+ openvpn_validate_input('client', $_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ openvpn_resync('client', $id);
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/ovpnenhance/openvpn_csc.xml_tls b/config/ovpnenhance/openvpn_csc.xml_tls
new file mode 100644
index 00000000..1025ad09
--- /dev/null
+++ b/config/ovpnenhance/openvpn_csc.xml_tls
@@ -0,0 +1,169 @@
+<packagegui>
+ <name>openvpncsc</name>
+ <title>OpenVPN: Client-specific configuration</title>
+ <include_file>openvpn.inc</include_file>
+ <delete_string>An OpenVPN client-specific configuration has been deleted.</delete_string>
+ <addedit_string>An OpenVPN client-specific configuration has been created/modified.</addedit_string>
+ <tabs>
+ <tab>
+ <text>Server</text>
+ <url>/pkg.php?xml=openvpn.xml</url>
+ </tab>
+ <tab>
+ <text>Client</text>
+ <url>/pkg.php?xml=openvpn_cli.xml</url>
+ </tab>
+ <tab>
+ <text>Client-specific configuration</text>
+ <url>/pkg.php?xml=openvpn_csc.xml</url>
+ <active/>
+ </tab>
+ </tabs>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disabled</fielddescr>
+ <type>checkbox</type>
+ </columnitem>
+ <columnitem>
+ <fieldname>commonname</fieldname>
+ <fielddescr>Common name</fielddescr>
+ </columnitem>
+ <columnitem>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fieldname>disable</fieldname>
+ <fielddescr>Disabled</fielddescr>
+ <description>Set this option to disable this client-specific configuration without removing it from the list.</description>
+ <required/>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>commonname</fieldname>
+ <fielddescr>Common name</fielddescr>
+ <description>Enter the client's X.509 common name here.</description>
+ <required/>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>block</fieldname>
+ <fielddescr>Blocked</fielddescr>
+ <description>Check this to block (disable) this client, based on its common name. Don't use this option to disable a client due to key or password compromise. Use a CRL (certificate revocation list) instead.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>push_reset</fieldname>
+ <fielddescr>Push reset</fielddescr>
+ <description>Setting this option will make this client not inherit the global push options.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>ifconfig_push</fieldname>
+ <fielddescr>Interface IP</fielddescr>
+ <description>Set this option to push an IP to the client's interface. Expressed as a CIDR range (e.g. 10.5.0.0/16). The first IP in the range will be used as the remote IP of the interface, and the second IP will be used as the local IP of the interface.</description>
+ <type>input</type>
+ </field>
+
+ <field>
+ <fieldname>dhcp_domainname</fieldname>
+ <fielddescr>DHCP-Opt.: DNS-Domainname</fielddescr>
+ <description>Set connection-specific DNS Suffix.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_dns</fieldname>
+ <fielddescr>DHCP-Opt.: DNS-Server</fielddescr>
+ <description>Set domain name server addresses, separated by semi-colons (;).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_wins</fieldname>
+ <fielddescr>DHCP-Opt.: WINS-Server</fielddescr>
+ <description>Set WINS server addresses (NetBIOS over TCP/IP Name Server), separated by semi-colons (;).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_nbdd</fieldname>
+ <fielddescr>DHCP-Opt.: NBDD-Server</fielddescr>
+ <description>Set NBDD server addresses (NetBIOS over TCP/IP Datagram Distribution Server), separated by semi-colons (;).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_ntp</fieldname>
+ <fielddescr>DHCP-Opt.: NTP-Server</fielddescr>
+ <description>Set NTP server addresses (Network Time Protocol), separated by semi-colons (;).</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_nbttype</fieldname>
+ <fielddescr>DHCP-Opt.: NetBIOS node type</fielddescr>
+ <description>Set NetBIOS over TCP/IP Node type. Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), and h-node (query name server, then broadcast).</description>
+ <type>select</type>
+ <options>
+ <option>
+ <value>0</value>
+ <name>none</name>
+ </option>
+ <option>
+ <value>1</value>
+ <name>b-node</name>
+ </option>
+ <option>
+ <value>2</value>
+ <name>p-node</name>
+ </option>
+ <option>
+ <value>4</value>
+ <name>m-node</name>
+ </option>
+ <option>
+ <value>8</value>
+ <name>h-node</name>
+ </option>
+ </options>
+ <default_value>0</default_value>
+ </field>
+ <field>
+ <fieldname>dhcp_nbtscope</fieldname>
+ <fielddescr>DHCP-Opt.: NetBIOS Scope</fielddescr>
+ <description>Set NetBIOS over TCP/IP Scope. A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fieldname>dhcp_nbtdisable</fieldname>
+ <fielddescr>DHCP-Opt.: Disable NetBIOS</fielddescr>
+ <description>If this option is set, Netbios-over-TCP/IP will be disabled.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>gwredir</fieldname>
+ <fielddescr>Redirect Gateway</fielddescr>
+ <description>Redirect ALL traffic through the OpenVPN server.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fieldname>custom_options</fieldname>
+ <fielddescr>Custom options</fielddescr>
+ <description>You can put your own custom options here, separated by semi-colons (;). They'll be added to the client-specific configuration.</description>
+ <type>textarea</type>
+ <cols>65</cols>
+ <rows>5</rows>
+ </field>
+ <field>
+ <fieldname>description</fieldname>
+ <fielddescr>Description</fielddescr>
+ <description>You may enter a description here for your reference (not parsed).</description>
+ <type>input</type>
+ </field>
+ </fields>
+ <custom_php_validation_command>
+ openvpn_validate_input_csc($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ openvpn_resync_csc($id);
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/ovpnenhance/ovpnenhance.inc b/config/ovpnenhance/ovpnenhance.inc
new file mode 100644
index 00000000..4c2a82db
--- /dev/null
+++ b/config/ovpnenhance/ovpnenhance.inc
@@ -0,0 +1,13 @@
+<?php
+
+function ovpnenhance_install() {
+ global $g, $config;
+
+mwexec("mv /usr/local/pkg/openvpn.inc_tls /usr/local/pkg/openvpn.inc");
+mwexec("mv /usr/local/pkg/openvpn.xml_tls /usr/local/pkg/openvpn.xml");
+mwexec("mv /usr/local/pkg/openvpn_cli.xml_tls /usr/local/pkg/openvpn_cli.xml");
+mwexec("mv /usr/local/pkg/openvpn_csc.xml_tls /usr/local/pkg/openvpn_csc.xml");
+mwexec("rm /usr/local/pkg/ovpnenhance.inc");
+}
+
+?> \ No newline at end of file
diff --git a/config/ovpnenhance/ovpnenhance.xml b/config/ovpnenhance/ovpnenhance.xml
new file mode 100644
index 00000000..52d013d8
--- /dev/null
+++ b/config/ovpnenhance/ovpnenhance.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+ <description>Enhance OpenVPN with TLS-auth and client/server-options</description>
+ <requirements>pfSense 1.2.x</requirements>
+ <faq>Enhances OpenVPN with TLS-auth and client/server-options. Cannot be uninstalled.</faq>
+ <name>ovpnenhance</name>
+ <version>0.1</version>
+ <title>ovpnenhance</title>
+ <include_file>/usr/local/pkg/ovpnenhance.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/ovpnenhance/ovpnenhance.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn.inc_tls</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn.xml_tls</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn_cli.xml_tls</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>077</chmod>
+ <item>http://www.pfsense.com/packages/config/ovpnenhance/openvpn_csc.xml_tls</item>
+ </additional_files_needed>
+ <custom_php_install_command>
+ ovpnenhance_install();
+ </custom_php_install_command>
+</packagegui>
diff --git a/config/shellcmd/shellcmd.inc b/config/shellcmd/shellcmd.inc
new file mode 100644
index 00000000..76ceeb31
--- /dev/null
+++ b/config/shellcmd/shellcmd.inc
@@ -0,0 +1,124 @@
+<?php
+/* $Id$ */
+/*
+/* ========================================================================== */
+/*
+ shellcmd.inc
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("services.inc");
+
+function pkg_is_service_running($servicename)
+{
+ exec("/bin/ps ax | awk '{ print $5 }'", $psout);
+ array_shift($psout);
+ foreach($psout as $line) {
+ $ps[] = trim(array_pop(explode(' ', array_pop(explode('/', $line)))));
+ }
+ if(is_service_running($servicename, $ps) or is_process_running($servicename) ) {
+ return true;
+ }
+ else {
+ return false;
+ }
+}
+
+function php_sync_package()
+{
+
+ global $config;
+ //synch shellcmd tab
+ //configure_shellcmd();
+ //$handle = popen("/usr/local/etc/rc.d/shellcmd.sh stop", "r");
+ //pclose($handle);
+ //$handle = popen("/usr/local/etc/rc.d/shellcmd.sh start", "r");
+ //pclose($handle);
+
+}
+
+
+function php_install_command()
+{
+
+ global $config;
+ conf_mount_rw();
+ config_lock();
+
+ if (!is_dir('/usr/local/www/packages/')) {
+ exec("mkdir /usr/local/www/packages/");
+ }
+
+ if (!is_dir('/usr/local/www/packages/shellcmd/')) {
+ exec("mkdir /usr/local/www/packages/shellcmd/");
+ }
+
+
+ //rename PHP files from .tmp to .php
+ exec("cp /tmp/shellcmd.tmp /usr/local/www/packages/shellcmd/shellcmd.php");
+ unlink_if_exists("/tmp/shellcmd.tmp");
+
+ exec("cp /tmp/shellcmd_edit.tmp /usr/local/www/packages/shellcmd/shellcmd_edit.php");
+ unlink_if_exists("/tmp/shellcmd_edit.tmp");
+
+ //write_config();
+
+ //write_rcfile(array(
+ // "file" => "shellcmd.sh",
+ // "start" => "/usr/sbin/shellcmd -s &",
+ // "stop" => "kill -9 `cat /var/run/shellcmd.pid`"
+ // )
+ //);
+
+ php_sync_package();
+
+ //if (pkg_is_service_running('shellcmd')) {
+ //documentation purposes
+ //}
+
+ conf_mount_ro();
+ config_unlock();
+
+}
+
+
+function deinstall_command()
+{
+
+ conf_mount_rw();
+ config_lock();
+ $handle = popen("/usr/local/etc/rc.d/shellcmd.sh stop", "r");
+ unlink_if_exists("/usr/local/pkg/shellcmd.xml");
+ unlink_if_exists("/usr/local/www/shellcmd.inc");
+ exec("rm -R /usr/local/www/packages/shellcmd");
+ //unlink_if_exists("/usr/local/etc/rc.d/shellcmd.sh");
+ conf_mount_ro();
+ config_unlock();
+
+}
+
+?> \ No newline at end of file
diff --git a/config/shellcmd/shellcmd.tmp b/config/shellcmd/shellcmd.tmp
new file mode 100644
index 00000000..5bb387da
--- /dev/null
+++ b/config/shellcmd/shellcmd.tmp
@@ -0,0 +1,230 @@
+<?php
+/* $Id$ */
+/*
+ shellcmd.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/shellcmd.inc");
+
+$a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+$a_shellcmd = &$config['system']['shellcmd'];
+//$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
+
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Shellcmd: Settings</p>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/packages/shellcmd/shellcmd.php");
+ display_top_tabs($tab_array);
+
+?>
+</td></tr>
+</table>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+
+<form action="shellcmd.php" method="post" name="iform" id="iform">
+<?php
+
+//if ($savemsg) print_info_box($savemsg);
+//if (file_exists($d_hostsdirty_path)): echo"<p>";
+//print_info_box_np("This is an info box.");
+//echo"<br />";
+//endif;
+
+?>
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td><p><!--<span class="vexpl"><span class="red"><strong>shellcmd<br></strong></span>-->
+ The shellcmd utility is used to manage commands on system startup.
+ <br /><br />
+ <!--For more information see: <a href='http://www.' target='_blank'>http://www.</a>-->
+ </p></td>
+ </tr>
+ </table>
+ <br />
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="50%" class="listhdrr">Command</td>
+ <td width="30%" class="listhdrr">Type</td>
+ <td width="10%" class="list">
+
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="shellcmd_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+
+ </td>
+ </tr>
+
+
+<?php
+
+ $i = 0;
+ if (count($a_earlyshellcmd) > 0) {
+ //if (isset($a_earlyshellcmd[0]["command"])) {
+ foreach ($a_earlyshellcmd as $ent) {
+ if (strlen($ent['command']) > 0) {
+ echo " <tr>\n";
+ echo " <td class=\"listr\" ondblclick=\"document.location='shellcmd_edit.php?id=".$i."';\">\n";
+ echo " ".$ent['command']."&nbsp;\n";
+ echo " </td>\n";
+ echo " <td class=\"listbg\" ondblclick=\"document.location='shellcmd_edit.php?id=".$i."';\">\n";
+ echo " earlyshellcmd &nbsp;\n";
+ echo " </td>\n";
+ echo " <td valign=\"middle\" nowrap class=\"list\">\n";
+ echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n";
+ echo " <tr>\n";
+ echo " <td valign=\"middle\"><a href=\"shellcmd_edit.php?t=earlyshellcmd&id=".$i."\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
+ echo " <td><a href=\"shellcmd_edit.php?t=earlyshellcmd&type=cmd&act=del&id=".$i."\" onclick=\"return confirm('Do you really want to delete this?')\"><img src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
+ echo " </tr>\n";
+ echo " </table>\n";
+ echo " </td>\n";
+ echo " </tr>";
+ }
+ $i++;
+ }
+ //}
+ }
+
+
+ $i = 0;
+ if (count($a_shellcmd) > 0) {
+ //if (isset($a_shellcmd[0]["command"])) {
+ foreach ($a_shellcmd as $ent) {
+ if (strlen($ent['command']) > 0) {
+ echo " <tr>\n";
+ echo " <td class=\"listr\" ondblclick=\"document.location='shellcmd_edit.php?id=".$i."';\">\n";
+ echo " ".$ent['command']."&nbsp;\n";
+ echo " </td>\n";
+ echo " <td class=\"listbg\" ondblclick=\"document.location='shellcmd_edit.php?id=".$i."';\">\n";
+ echo " shellcmd &nbsp;\n";
+ echo " </td>\n";
+ echo " <td valign=\"middle\" nowrap class=\"list\">\n";
+ echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n";
+ echo " <tr>\n";
+ echo " <td valign=\"middle\"><a href=\"shellcmd_edit.php?t=shellcmd&id=".$i."\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
+ echo " <td><a href=\"shellcmd_edit.php?t=shellcmd&type=cmd&act=del&id=".$i."\" onclick=\"return confirm('Do you really want to delete this?')\"><img src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
+ echo " </tr>\n";
+ echo " </table>\n";
+ echo " </td>\n";
+ echo " </tr>";
+ }
+ $i++;
+ }
+ //}
+ }
+
+ /*
+ $i = 0;
+ if (count($a_afterfilterchangeshellcmd) > 0) {
+ //if (isset($a_afterfilterchangeshellcmd[0]["command"])) {
+ foreach ($a_afterfilterchangeshellcmd as $ent) {
+ if (strlen($ent['command']) > 0) {
+ echo " <tr>\n";
+ echo " <td class=\"listr\" ondblclick=\"document.location='shellcmd_edit.php?id=".$i."';\">\n";
+ echo " ".$ent['command']."&nbsp;\n";
+ echo " </td>\n";
+ echo " <td class=\"listr\" ondblclick=\"document.location='shellcmd_edit.php?id=".$i."';\">\n";
+ echo " afterfilterchangeshellcmd&nbsp;\n";
+ echo " </td>\n";
+ echo " <td valign=\"middle\" nowrap class=\"list\">\n";
+ echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n";
+ echo " <tr>\n";
+ echo " <td valign=\"middle\"><a href=\"shellcmd_edit.php?t=afterfilterchangeshellcmd&id=".$i."\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
+ echo " <td><a href=\"shellcmd_edit.php?t=afterfilterchangeshellcmd&type=cmd&act=del&id=".$i."\" onclick=\"return confirm('Do you really want to delete this?')\"><img src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
+ echo " </tr>\n";
+ echo " </table>\n";
+ echo " </td>\n";
+ echo " </tr>";
+ }
+ $i++;
+ }
+ //}
+
+ }
+ */
+?>
+
+ <tr>
+ <td class="list" colspan="2"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="shellcmd_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+
+
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list"></td>
+ </tr>
+ </table>
+
+</form>
+
+
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/shellcmd/shellcmd.xml b/config/shellcmd/shellcmd.xml
new file mode 100644
index 00000000..0f9469a6
--- /dev/null
+++ b/config/shellcmd/shellcmd.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ shellcmd.xml
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Shellcmd</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>Shellcmd Settings</name>
+ <version>0.3</version>
+ <title>Settings</title>
+ <include_file>/usr/local/pkg/shellcmd.inc</include_file>
+ <menu>
+ <name>Shellcmd</name>
+ <tooltiptext>shellcmd settings.</tooltiptext>
+ <section>Services</section>
+ <configfile>shellcmd.xml</configfile>
+ <url>/packages/shellcmd/shellcmd.php</url>
+ </menu>
+ <tabs>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=shellcmd.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/packages/shellcmd/shellcmd.php</url>
+ <active/>
+ </tab>
+ </tabs>
+ <configpath>installedpackages->package->$packagename->configuration->shellcmd</configpath>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.xml</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd.tmp</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/tmp/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/shellcmd/shellcmd_edit.tmp</item>
+ </additional_files_needed>
+ <fields>
+ <field>
+ <fielddescr>Variable One</fielddescr>
+ <fieldname>var1</fieldname>
+ <description>Enter the variable one here.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Variable Two</fielddescr>
+ <fieldname>var1</fieldname>
+ <description>Enter the variable one here.</description>
+ <type>input</type>
+ </field>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ php_sync_package();
+ </custom_php_resync_config_command>
+ <custom_delete_php_command>
+ php_sync_package();
+ </custom_delete_php_command>
+ <custom_php_install_command>
+ php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ deinstall_command();
+ </custom_php_deinstall_command>
+</packagegui> \ No newline at end of file
diff --git a/config/shellcmd/shellcmd_edit.tmp b/config/shellcmd/shellcmd_edit.tmp
new file mode 100644
index 00000000..e8a5f5e7
--- /dev/null
+++ b/config/shellcmd/shellcmd_edit.tmp
@@ -0,0 +1,301 @@
+<?php
+/* $Id$ */
+/*
+
+ shellcmd_edit.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/shellcmd.inc");
+
+
+$id = $_GET['id'];
+if (strlen($_POST['id'])>0) {
+ $id = $_POST['id'];
+}
+
+$type = $_GET['t'];
+if (strlen($_POST['t'])>0) {
+ $type = $_POST['t'];
+}
+
+if ($_GET['act'] == "del") {
+ if ($_GET['type'] == 'cmd') {
+
+ switch (htmlspecialchars($type)) {
+ case "earlyshellcmd":
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ unset($a_earlyshellcmd[$_GET['id']]);
+ write_config();
+ php_sync_package();
+ header("Location: shellcmd.php");
+ exit;
+ break;
+ case "shellcmd":
+ $a_shellcmd = &$config['system']['shellcmd'];
+ unset($a_shellcmd[$_GET['id']]);
+ write_config();
+ php_sync_package();
+ header("Location: shellcmd.php");
+ exit;
+ break;
+ case "afterfilterchangeshellcmd":
+ // $a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
+ // unset($a_afterfilterchangeshellcmd[$_GET['id']]);
+ // write_config();
+ // php_sync_package();
+ // header("Location: shellcmd.php");
+ // exit;
+ break;
+ default:
+ break;
+ }
+
+ }
+}
+
+//get value for the form edit value
+if (strlen($id) > 0) {
+
+ switch (htmlspecialchars($type)) {
+ case "earlyshellcmd":
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if ($a_earlyshellcmd[$id]) {
+ $pconfig['command'] = $a_earlyshellcmd[$id]['command'];
+ }
+ break;
+ case "shellcmd":
+ $a_shellcmd = &$config['system']['shellcmd'];
+ if ($a_shellcmd[$id]) {
+ $pconfig['command'] = $a_shellcmd[$id]['command'];
+ }
+ break;
+ case "afterfilterchangeshellcmd":
+ //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
+ //if ($a_afterfilterchangeshellcmd[$id]) {
+ // $pconfig['command'] = $a_afterfilterchangeshellcmd[$id]['command'];
+ //}
+ break;
+ default:
+ break;
+ }
+
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+
+ if (!$input_errors) {
+ if (strlen($_POST['command']) > 0) {
+ $ent = array();
+ $ent['command'] = $_POST['command'];
+
+ if (strlen($id)>0) {
+ //update
+
+ switch (htmlspecialchars($type)) {
+ case "earlyshellcmd":
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if ($a_earlyshellcmd[$id]) {
+ $a_earlyshellcmd[$id] = $ent;
+ }
+ break;
+ case "shellcmd":
+ $a_shellcmd = &$config['system']['shellcmd'];
+ if ($a_shellcmd[$id]) {
+ $a_shellcmd[$id] = $ent;
+ }
+ break;
+ case "afterfilterchangeshellcmd":
+ //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
+ //if ($a_afterfilterchangeshellcmd[$id]) {
+ // $a_afterfilterchangeshellcmd[$id] = $ent;
+ //}
+ break;
+ default:
+ break;
+ }
+
+ }
+ else {
+ //add
+ switch (htmlspecialchars($type)) {
+ case "earlyshellcmd":
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ $a_earlyshellcmd[] = $ent;
+ break;
+ case "shellcmd":
+ $a_shellcmd = &$config['system']['shellcmd'];
+ $a_shellcmd[] = $ent;
+ break;
+ case "afterfilterchangeshellcmd":
+ //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
+ //$a_afterfilterchangeshellcmd[] = $ent;
+ break;
+ default:
+ break;
+ }
+
+ }
+
+ write_config();
+ php_sync_package();
+ }
+
+ header("Location: shellcmd.php");
+ exit;
+ }
+}
+
+include("head.inc");
+
+?>
+
+<script type="text/javascript" language="JavaScript">
+
+function show_advanced_config() {
+ document.getElementById("showadvancedbox").innerHTML='';
+ aodiv = document.getElementById('showadvanced');
+ aodiv.style.display = "block";
+</script>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Shellcmd: Edit</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+ $tab_array = array();
+ $tab_array[] = array(gettext("Settings"), false, "/packages/shellcmd/shellcmd.php");
+ display_top_tabs($tab_array);
+
+?>
+</td></tr>
+</table>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+
+ <!--
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td><p><span class="vexpl"><span class="red"><strong>shellcmd<br>
+ </strong></span>
+ </p></td>
+ </tr>
+ </table>
+ -->
+ <br />
+
+
+ <form action="shellcmd_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="25%" valign="top" class="vncellreq">Command</td>
+ <td width="75%" class="vtable">
+ <input name="command" type="text" class="formfld" id="command" size="40" value="<?=htmlspecialchars($pconfig['command']);?>">
+ </td>
+ </tr>
+
+ <tr>
+ <td width="25%" valign="top" class="vncellreq">Type</td>
+ <td width="75%" class="vtable">
+ <?php
+ echo " <select name='t' class='formfld'>\n";
+ echo " <option></option>\n";
+ switch (htmlspecialchars($type)) {
+ case "earlyshellcmd":
+ echo " <option value='earlyshellcmd' selected='yes'>earlyshellcmd</option>\n";
+ echo " <option value='shellcmd'>shellcmd</option>\n";
+ //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
+ break;
+ case "shellcmd":
+ echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
+ echo " <option value='shellcmd' selected='yes'>shellcmd</option>\n";
+ //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
+ break;
+ case "afterfilterchangeshellcmd":
+ //echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
+ //echo " <option value='shellcmd'>shellcmd</option>\n";
+ //echo " <option value='afterfilterchangeshellcmd' selected='yes'>afterfilterchangeshellcmd</option>\n";
+ break;
+ default:
+ echo " <option value=''></option>\n";
+ echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
+ echo " <option value='shellcmd'>shellcmd</option>\n";
+ //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
+ break;
+ }
+ echo " </select>\n";
+ ?>
+ </td>
+ </tr>
+
+
+ <!--
+ <tr>
+ <td width="25%" valign="top" class="vncellreq">Description</td>
+ <td width="75%" class="vtable">
+ <input name="description" type="text" class="formfld" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>">
+ <br><span class="vexpl">Enter the description here.<br></span>
+ </td>
+ </tr>
+ -->
+
+ <tr>
+ <td valign="top">&nbsp;</td>
+ <td>
+ <?php if (strlen($id)>0) { ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php }; ?>
+ <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()">
+ </td>
+ </tr>
+ </table>
+ </form>
+
+ <br>
+ <br>
+ <br>
+ <br>
+ <br>
+ <br>
+
+ </td>
+ </tr>
+</table>
+
+</div>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index 0f94c1e5..dbd8267f 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -285,6 +285,10 @@ function squid_before_form_general($pkg) {
function squid_validate_general($post, $input_errors) {
global $config;
+ $settings = $config['installedpackages']['squid']['config'][0];
+ $port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
+ $port = $post['proxy_port'] ? $post['proxy_port'] : $port;
+
$icp_port = trim($post['icp_port']);
if (!empty($icp_port) && !is_port($icp_port))
$input_errors[] = 'You must enter a valid port number in the \'ICP port\' field';
@@ -1218,63 +1222,70 @@ function squid_generate_rules($type) {
$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
$port = ($squid_conf['proxy_port'] ? $squid_conf['proxy_port'] : 3128);
+ $fw_aliases = filter_generate_aliases();
+ if(strstr($fw_aliases, "pptp ="))
+ $PPTP_ALIAS = "\$pptp";
+ else
+ $PPTP_ALIAS = "\$PPTP";
+ if(strstr($fw_aliases, "PPPoE ="))
+ $PPPOE_ALIAS = "\$PPPoE";
+ else
+ $PPPOE_ALIAS = "\$pppoe";
+
switch($type) {
- case 'nat':
- $rules .= "\n# Setup Squid proxy redirect\n";
- if ($squid_conf['private_subnet_proxy_off'] == 'on') {
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
- }
- }
- if (!empty($squid_conf['defined_ip_proxy_off'])) {
- $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
- $exempt_ip = "";
- foreach ($defined_ip_proxy_off as $ip_proxy_off) {
- if(!empty($ip_proxy_off)) {
- $ip_proxy_off = trim($ip_proxy_off);
- $exempt_ip .= ", $ip_proxy_off";
+ case 'nat':
+ $rules .= "\n# Setup Squid proxy redirect\n";
+ if ($squid_conf['private_subnet_proxy_off'] == 'on') {
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
}
}
- $exempt_ip = substr($exempt_ip,2);
+ if (!empty($squid_conf['defined_ip_proxy_off'])) {
+ $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
+ $exempt_ip = "";
+ foreach ($defined_ip_proxy_off as $ip_proxy_off) {
+ if(!empty($ip_proxy_off)) {
+ $ip_proxy_off = trim($ip_proxy_off);
+ $exempt_ip .= ", $ip_proxy_off";
+ }
+ }
+ $exempt_ip = substr($exempt_ip,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
+ }
+ }
foreach ($ifaces as $iface) {
- $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
- }
- }
- foreach ($ifaces as $iface) {
- $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
- }
- /* Handle PPPOE case */
- if($config['pppoe']['mode'] == "off") {
- $rules .= "rdr on \$pppoe proto tcp from any to !(\$pppoe) port 80 -> 127.0.0.1 port 80\n";
- }
- /* Handle PPTP case */
-// if($config['pptpd']['mode'] != "off") {
-// <mode> is not present in config.xml after disabling "redir"
- if($config['pptpd']['mode'] == "server") {
- $rules .= "rdr on \$pptp proto tcp from any to !(\$pptp) port 80 -> 127.0.0.1 port 80\n";
- }
- $rules .= "\n";
- break;
- case 'filter':
- foreach ($ifaces as $iface){
- $rules .= "# Setup squid pass rules for proxy\n";
- $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
- $rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
+ $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
+ }
+ /* Handle PPPOE case */
+ if($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) {
+ $rules .= "rdr on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port 80 -> 127.0.0.1 port 80\n";
+ }
+ /* Handle PPTP case */
+ if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
+ $rules .= "rdr on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port 80 -> 127.0.0.1 port 80\n";
+ }
$rules .= "\n";
- };
- if($config['pppoe']['mode'] == "off") {
- $rules .= "pass in quick on \$pppoe proto tcp from any to !(\$pppoe) port $port flags S/SA keep state\n";
- }
-// if($config['pptpd']['mode'] != "off") {
-// <mode> is not present in config.xml after disabling "redir"
- if($config['pptpd']['mode'] == "server") {
- $rules .= "pass in quick on \$pptp proto tcp from any to !(\$pptp) port $port flags S/SA keep state\n";
- }
- break;
- default:
- break;
+ break;
+ case 'filter':
+ foreach ($ifaces as $iface) {
+ $rules .= "# Setup squid pass rules for proxy\n";
+ $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
+ $rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
+ $rules .= "\n";
+ };
+ if($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) {
+ $rules .= "pass in quick on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port $port flags S/SA keep state\n";
+ }
+ if($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
+ $rules .= "pass in quick on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port $port flags S/SA keep state\n";
+ }
+ break;
+ default:
+ break;
}
return $rules;
}
-?>
+
+?> \ No newline at end of file
diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml
index b00e9ed8..e38da835 100644
--- a/config/squidGuard/squidguard.xml
+++ b/config/squidGuard/squidguard.xml
@@ -7,13 +7,13 @@
<faq>Currently there are no FAQ items provided.</faq>
<name>squidguardgeneral</name>
- <version>1.2.0_1</version>
- <title>Proxy Content filter SquidGuard: General settings</title>
+ <version>1.2.0_2</version>
+ <title>Proxy filter SquidGuard: General settings</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<!-- Installation -->
<menu>
- <name>Proxy Content filter</name>
+ <name>Proxy filter</name>
<tooltiptext>Modify the proxy server's filter settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squidguard.xml&amp;id=0</url>
diff --git a/config/squidGuard/squidguard_acl.xml b/config/squidGuard/squidguard_acl.xml
index a71979a3..fda12197 100644
--- a/config/squidGuard/squidguard_acl.xml
+++ b/config/squidGuard/squidguard_acl.xml
@@ -8,7 +8,7 @@
<name>squidguardacl</name>
<version>none</version>
- <title>Proxy Content filter SquidGuard: Access Control List (ACL)</title>
+ <title>Proxy filter SquidGuard: Access Control List (ACL)</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<delete_string>A proxy server user has been deleted.</delete_string>
@@ -223,7 +223,7 @@
<fielddescr>Spec: Use safe search engine</fielddescr>
<fieldname>safesearch</fieldname>
<description>
- To protect your children from adult content, you can use the protected mode of search engines.
+ To protect your children from adult content, you can use the protected mode of search engines.
Now it is supported by Google, Yandex, Yahoo, MSN, Live Search. Make sure that the search engines can, and others, it is recommended to prohibit.
&lt;br&gt;Note: ! This option overrides 'Rewrite' setting. !
</description>
diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc
index f683a19c..1d609e2a 100644
--- a/config/squidGuard/squidguard_configurator.inc
+++ b/config/squidGuard/squidguard_configurator.inc
@@ -52,8 +52,8 @@ require_once('squid.inc');
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '3600');
-ini_set('max_input_time', '3600');
-ini_set('memory_limit', '32M');
+ini_set('max_input_time', '3600');
+ini_set('memory_limit', '100M');
# ------------------------------------------------------------------------------
# files header
@@ -872,7 +872,8 @@ function sg_create_config()
}
# log
- sg_addlog("sg_create_config: add rewrites: \n success $log_entr_added \n error $log_entr_err", 1);
+ if (!empty($log_entr_added)) sg_addlog("sg_create_config: add rewrites: success $log_entr_added", 1);
+ if (!empty($log_entr_err)) sg_addlog("sg_create_config: add rewrites: error $log_entr_err", 1);
}
# ----------------------------------------
diff --git a/config/squidGuard/squidguard_default.xml b/config/squidGuard/squidguard_default.xml
index 78401918..f3a7428c 100644
--- a/config/squidGuard/squidguard_default.xml
+++ b/config/squidGuard/squidguard_default.xml
@@ -8,7 +8,7 @@
<name>squidguarddefault</name>
<version>none</version>
- <title>Proxy Content filter SquidGuard: Default</title>
+ <title>Proxy filter SquidGuard: Default</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<tabs>
@@ -106,7 +106,7 @@
<fielddescr>Spec: Use safe search engine</fielddescr>
<fieldname>safesearch</fieldname>
<description>
- To protect your children from adult content, you can use the protected mode of search engines.
+ To protect your children from adult content, you can use the protected mode of search engines.
Now it is supported by Google, Yandex, Yahoo, MSN, Live Search. Make sure that the search engines can, and others, it is recommended to prohibit.
&lt;br&gt;Note: ! This option overrides 'Rewrite' setting. !
</description>
diff --git a/config/squidGuard/squidguard_dest.xml b/config/squidGuard/squidguard_dest.xml
index fa9d4ac2..35bbb6f8 100644
--- a/config/squidGuard/squidguard_dest.xml
+++ b/config/squidGuard/squidguard_dest.xml
@@ -8,7 +8,7 @@
<name>squidguarddest</name>
<version>none</version>
- <title>Proxy Content filter SquidGuard: Destinations</title>
+ <title>Proxy filter SquidGuard: Destinations</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<delete_string>A proxy server user has been deleted.</delete_string>
diff --git a/config/squidGuard/squidguard_log.xml b/config/squidGuard/squidguard_log.xml
index ae781562..ed3c7a9d 100644
--- a/config/squidGuard/squidguard_log.xml
+++ b/config/squidGuard/squidguard_log.xml
@@ -8,7 +8,7 @@
<name>squidguardlog</name>
<version>none</version>
- <title>Proxy Content filter SquidGuard: Log</title>
+ <title>Proxy filter SquidGuard: Log</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<delete_string>A proxy server user has been deleted.</delete_string>
@@ -29,7 +29,7 @@
</tab>
<tab>
<text>Destinations</text>
- <url>/pkg.php?xml=squidguard_dest.xml</url>
+ <url>/pkg.php?xml=squidguard_dest.xml</url>
</tab>
<tab>
<text>Times</text>
@@ -45,7 +45,7 @@
<active/>
</tab>
</tabs>
-
+
<fields>
<field>
<fielddescr>Log type</fielddescr>
@@ -59,14 +59,14 @@
<option><name>squidGuard log</name><value>squidguard_log</value></option>
<option><name>squid config</name><value>squid_config</value></option>
<option><name>squidGuard config</name><value>squidguard_config</value></option>
- </options>
+ </options>
</field>
</fields>
<custom_php_command_before_form>
squidguard_before_form_log(&amp;$pkg);
</custom_php_command_before_form>
- <custom_php_after_form_command>
+ <custom_php_after_form_command>
squidGuard_print_javascript();
</custom_php_after_form_command>
<custom_php_validation_command>
diff --git a/config/squidGuard/squidguard_rewr.xml b/config/squidGuard/squidguard_rewr.xml
index d126a9ae..da811b14 100644
--- a/config/squidGuard/squidguard_rewr.xml
+++ b/config/squidGuard/squidguard_rewr.xml
@@ -8,7 +8,7 @@
<name>squidguardrewrite</name>
<version>none</version>
- <title>Proxy Content filter SquidGuard: Rewrites</title>
+ <title>Proxy filter SquidGuard: Rewrites</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<tabs>
diff --git a/config/squidGuard/squidguard_time.xml b/config/squidGuard/squidguard_time.xml
index 623f7d0a..df3bf165 100644
--- a/config/squidGuard/squidguard_time.xml
+++ b/config/squidGuard/squidguard_time.xml
@@ -8,7 +8,7 @@
<name>squidguardtime</name>
<version>none</version>
- <title>Proxy Content filter SquidGuard: Times</title>
+ <title>Proxy filter SquidGuard: Times</title>
<include_file>/usr/local/pkg/squidguard.inc</include_file>
<delete_string>A proxy server user has been deleted.</delete_string>
diff --git a/config/tinydns/new_zone_wizard.xml b/config/tinydns/new_zone_wizard.xml
index 0f75291f..cd2f7ef6 100644
--- a/config/tinydns/new_zone_wizard.xml
+++ b/config/tinydns/new_zone_wizard.xml
@@ -35,7 +35,7 @@
<id>1</id>
<title>pfSense New Zone Wizard</title>
<disableheader>true</disableheader>
- <description>This wizard will guide you through the adding a new domain name service zone to TinyDNS.</description>
+ <description>This wizard will guide you through adding your first domain to TinyDNS.</description>
<fields>
<field>
<name>Next</name>
@@ -236,7 +236,7 @@
tinydns_sync_on_changes();
}
- Header("Location: /tinydns_status.php");
+ Header("Location: /pkg.php?xml=tinydns_domains.xml");
]]>
</stepsubmitbeforesave>
</step>
diff --git a/config/tinydns/tinydns.inc b/config/tinydns/tinydns.inc
index ead705e6..f86e553c 100644
--- a/config/tinydns/tinydns.inc
+++ b/config/tinydns/tinydns.inc
@@ -481,16 +481,29 @@ function tinydns_create_zone_file() {
function tinydns_sync_on_changes() {
global $g, $config;
+ log_error("[tinydns] tinydns_xmlrpc_sync.php is starting.");
$synconchanges = $config['installedpackages']['tinydnssync']['config'][0]['synconchanges'];
if(!$synconchanges)
return;
$sync_hosts = $config['installedpackages']['tinydnssync']['config'];
- foreach($sync_hosts as $sh) {
- $sync_to_ip = $sh['ipaddress'];
- $password = $sh['password'];
- if($password and $sync_to_ip)
+ $previous_ip = "";
+ $x=0;
+ $sh = $config['installedpackages']['tinydnssync']['config'][0];
+ for($x=1; $x<5; $x++) {
+ if($x > 1)
+ $counter = $x;
+ else
+ $counter = "";
+ $sync_to_ip = "";
+ $password = "";
+ if($sh['ipaddress' . $counter]) {
+ $sync_to_ip = $sh['ipaddress' . $counter];
+ $password = $sh['password' . $counter];
+ }
+ if($password && $sync_to_ip)
tinydns_do_xmlrpc_sync($sync_to_ip, $password);
- }
+ }
+ log_error("[tinydns] tinydns_xmlrpc_sync.php is ending.");
}
function tinydns_do_xmlrpc_sync($sync_to_ip, $password) {
@@ -554,9 +567,9 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) {
/* tell tinydns to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
- $execcmd = "require('/usr/local/pkg/tinydns.inc');\n";
+ $execcmd = "require_once('/usr/local/pkg/tinydns.inc');\n";
$execcmd .= "tinydns_custom_php_changeip_command();\n";
- $execcmd .= "tinydns_custom_php_install_command();\n";
+ //$execcmd .= "tinydns_custom_php_install_command();\n";
$execcmd .= "tinydns_create_zone_file();\n";
$execcmd .= "tinydns_setup_ping_items();\n";
@@ -566,6 +579,7 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) {
XML_RPC_encode($execcmd)
);
+ log_error("tinydns XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials('admin', $password);
@@ -581,10 +595,9 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) {
log_error($error);
file_notice("sync_settings", $error, "tinydns Settings Sync", "");
} else {
- log_error("tinydns XMLRPC sync successfully completed with {$url}:{$port} (pfsense.exec_php).");
+ log_error("tinydns XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
-
- log_error("[tinydns] tinydns_xmlrpc_sync.php is ending.");
+
}
/* formats data as a tinydns data row item */
diff --git a/config/tinydns/tinydns_domains.xml b/config/tinydns/tinydns_domains.xml
index 19468213..59ff56a7 100644
--- a/config/tinydns/tinydns_domains.xml
+++ b/config/tinydns/tinydns_domains.xml
@@ -219,28 +219,38 @@
</field>
</fields>
<custom_delete_php_command>
+ $dnssync = true;
tinydns_create_zone_file();
tinydns_setup_ping_items();
tinydns_sync_on_changes();
</custom_delete_php_command>
<custom_php_validation_command>
- tinydns_cleanup_addedit_form_record();
+ if(function_exists("tinydns_cleanup_addedit_form_record"))
+ tinydns_cleanup_addedit_form_record();
+ else {
+ require_once("/usr/local/pkg/tinydns.inc");
+ }
</custom_php_validation_command>
<custom_add_php_command>
+ $dnssync = true;
log_error("Begin tinydns add");
tinydns_create_zone_file();
log_error("Zone file done.");
tinydns_setup_ping_items();
log_error("Ping items done.");
tinydns_sync_on_changes();
+ log_error("Sync items done.");
</custom_add_php_command>
<custom_php_resync_config_command>
- log_error("Begin tinydns resync");
- tinydns_create_zone_file();
- log_error("Zone file done.");
- tinydns_setup_ping_items();
- log_error("Ping items done.");
- tinydns_sync_on_changes();
+ if(!$dnssync) {
+ log_error("Begin tinydns resync");
+ tinydns_create_zone_file();
+ log_error("Zone file done.");
+ tinydns_setup_ping_items();
+ log_error("Ping items done.");
+ tinydns_sync_on_changes();
+ log_error("Sync items done.");
+ }
</custom_php_resync_config_command>
<custom_php_command_before_form>
unset($_POST['temp']);
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index 65dff675..86a00c9a 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -78,7 +78,7 @@
<descr>Adds pfSense dashboard that will be included with 2.0. WARNING! Cannot be deinstalled.</descr>
<category>System</category>
<config_file>http://www.pfsense.com/packages/config/dashboard/dashboard.xml</config_file>
- <version>0.7.5.3</version>
+ <version>0.7.6.2</version>
<status>BETA</status>
<required_version>1.2</required_version>
<maximum_version>1.9</maximum_version>
@@ -92,7 +92,7 @@
<pkginfolink>http://doc.pfsense.org/index.php/FreeSWITCH</pkginfolink>
<config_file>http://www.pfsense.com/packages/config/freeswitch/freeswitch.xml</config_file>
<depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
- <version>0.8.3.5</version>
+ <version>0.8.7.5</version>
<status>Beta</status>
<required_version>1.2.1</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -169,6 +169,20 @@
<configurationfile>cron.xml</configurationfile>
</package>
<package>
+ <name>Shellcmd</name>
+ <website/>
+ <descr>The shellcmd utility is used to manage commands on system startup.</descr>
+ <category>Services</category>
+ <pkginfolink></pkginfolink>
+ <config_file>http://www.pfsense.com/packages/config/shellcmd/shellcmd.xml</config_file>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
+ <version>0.3</version>
+ <status>Beta</status>
+ <required_version>1.2</required_version>
+ <maintainer>markjcrane@gmail.com</maintainer>
+ <configurationfile>shellcmd.xml</configurationfile>
+ </package>
+ <package>
<name>snort</name>
<descr>Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr>
<category>Security</category>
@@ -241,12 +255,12 @@
<package>
<name>vnstat</name>
<website>http://humdi.net/vnstat/</website>
- <descr>A console-based network traffic monitor</descr>
+ <descr>A console-based network traffic monitor + vnstat PHP frontend</descr>
<category>Network Management</category>
<depends_on_package_base_url>http://www.pfsense.com/packages/config/vnstat/bin/</depends_on_package_base_url>
<depends_on_package>vnstat-1.6_3.tbz</depends_on_package>
<version>1.6.3</version>
- <status>Beta</status>
+ <status>Stable</status>
<required_version>1.2.3</required_version>
<maintainer>crazypark2@yahoo.dk</maintainer>
<config_file>http://www.pfsense.com/packages/config/vnstat/vnstat.xml</config_file>
@@ -268,9 +282,9 @@
<package>
<name>Fit123</name>
<website>http://pfsense.comuf.com</website>
- <descr>A list of small custom things that can be added to pfSense 1.2.3 : Date,Code-red,LTSP,AFC and DDNS</descr>
+ <descr>With Fit123 a small set of features can be added to pfSense 1.2.3 (Date)Adds current date to front page (LTSP)Adds 3th network boot option (After Filter Change) Clear states after filter reload (DNS Servers)Adds option for a 3th and 4th DNS Server (DDNS)A more customize way to update dynamic dns (Themes)On install Code-red and the pfsense ng theme are added to the list of avalible themes.</descr>
<category>System</category>
- <version>0.0.1</version>
+ <version>0.0.5</version>
<status>ALPHA</status>
<required_version>1.2.3</required_version>
<maintainer>crazypark2@yahoo.dk</maintainer>
@@ -377,7 +391,7 @@
<descr>Network UPS Tools</descr>
<website>http://www.networkupstools.org/</website>
<category>Network Management</category>
- <version>2.0.4</version>
+ <version>2.0.4_1</version>
<status>BETA</status>
<required_version>1.2.1</required_version>
<maintainer>rswagoner@gmail.com</maintainer>
@@ -530,7 +544,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.6.21_09</version>
+ <version>2.6.21_10</version>
<status>Stable</status>
<required_version>1.2.1</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com</maintainer>
@@ -591,7 +605,7 @@
<package>
<name>squidGuard</name>
<descr>
- High perfomance web proxy filter.
+ High perfomance web proxy URL filter.
Required proxy Squid package.
</descr>
<website>http://www.squidGuard.org/</website>
@@ -631,14 +645,14 @@
<configurationfile>openvpn-client-export.xml</configurationfile>
</package>
<package>
- <name>HAVP</name>
+ <name>HAVP antivirus</name>
<pkginfolink></pkginfolink>
<website>http://www.server-side.de/</website>
- <descr>HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.</descr>
+ <descr>Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone. And File Scanner for local files.</descr>
<category>Network Management</category>
<depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
<depends_on_package>havp-0.88.tbz</depends_on_package>
- <version>0.88</version>
+ <version>0.88_05</version>
<status>ALPHA</status>
<required_version>1.2.2</required_version>
<config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file>
@@ -682,5 +696,45 @@
<configurationfile>jail_template.xml</configurationfile>
<maintainer>ltning-jailctl@anduin.net</maintainer>
</package>
+ <package>
+ <name>IGMPproxy</name>
+ <descr>An IGMP proxy for multicast traffic.</descr>
+ <category>Network</category>
+ <version>0.1</version>
+ <required_version>1.2.2</required_version>
+ <status>BETA</status>
+ <pkginfolink>http://doc.pfsense.org/index.php/IGMPproxy</pkginfolink>
+ <config_file>http://www.pfsense.com/packages/config/igmpproxy/igmpproxy.xml</config_file>
+ <configurationfile>igmpproxy.xml</configurationfile>
+ <maintainer>eri@pfsense.org</maintainer>
+ </package>
+ <package>
+ <name>NRPE v2</name>
+ <website>http://example.org</website>
+ <descr>NRPE is an addon for Nagios that allows you to execute plugins on remote Linux/Unix hosts. This is useful if you need to monitor local resources/attributes like disk usage, CPU load, memory usage, etc. on a remote host.</descr>
+ <category>Services</category>
+ <depends_on_package_base_url>http://www.pfsense.com/packages/config/nrpe2/bin/</depends_on_package_base_url>
+ <depends_on_package>nrpe-2.12_1.tbz</depends_on_package>
+ <depends_on_package>nagios-plugins-1.4.13,1.tbz</depends_on_package>
+ <config_file>http://www.pfsense.com/packages/config/nrpe2/nrpe2.xml</config_file>
+ <version>2.11</version>
+ <status>Beta</status>
+ <required_version>1.2</required_version>
+ <maintainer>erik@erikkristensen.com</maintainer>
+ <configurationfile>nrpe2.xml</configurationfile>
+ </package>
+ <package>
+ <name>OpenVPN-Enhancements</name>
+ <maintainer>mfuchs77@googlemail.com</maintainer>
+ <website>http://pfsense.trendchiller.com</website>
+ <descr>Enhance OpenVPN with TLS-auth and client/server-options. WARNING! Cannot be uninstalled.</descr>
+ <category>Security</category>
+ <version>1.0</version>
+ <status>STABLE</status>
+ <required_version>1.2</required_version>
+ <maximum_version>1.2.9</maximum_version>
+ <config_file>http://www.pfsense.com/packages/config/ovpnenhance/ovpnenhance.xml</config_file>
+ <configurationfile>ovpnenhance.xml</configurationfile>
+ </package>
</packages>
</pfsensepkgs>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 5c1a6cb6..b96410e5 100755
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -74,17 +74,6 @@
<after_install_info>The pfSense release key has been updated.</after_install_info>
</package>
<package>
- <name>Dashboard</name>
- <descr>Adds pfSense dashboard that will be included with 2.0. WARNING! Cannot be deinstalled.</descr>
- <category>System</category>
- <config_file>http://www.pfsense.com/packages/config/dashboard/dashboard.xml</config_file>
- <version>0.7.5.3</version>
- <status>BETA</status>
- <required_version>1.2</required_version>
- <maximum_version>1.9</maximum_version>
- <configurationfile>dashboard.xml</configurationfile>
- </package>
- <package>
<name>FreeSWITCH</name>
<website>http://www.freeswitch.org/</website>
<descr>FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow. </descr>
@@ -217,7 +206,7 @@
<descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.</descr>
<category>NET</category>
<config_file>http://www.pfsense.com/packages/config/openbgpd/openbgpd.xml</config_file>
- <version>0.4</version>
+ <version>0.5</version>
<status>STABLE</status>
<required_version>1.3</required_version>
<configurationfile>openbgpd.xml</configurationfile>
@@ -377,7 +366,7 @@
<descr>Network UPS Tools</descr>
<website>http://www.networkupstools.org/</website>
<category>Network Management</category>
- <version>2.0.4</version>
+ <version>2.0.4_1</version>
<status>BETA</status>
<required_version>1.2.1</required_version>
<maintainer>rswagoner@gmail.com</maintainer>
@@ -530,7 +519,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.6.21_09</version>
+ <version>2.6.21_10</version>
<status>Stable</status>
<required_version>1.2.1</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com</maintainer>
@@ -591,7 +580,7 @@
<package>
<name>squidGuard</name>
<descr>
- High perfomance web proxy filter.
+ High perfomance web proxy URL filter.
Required proxy Squid package.
</descr>
<website>http://www.squidGuard.org/</website>
@@ -631,14 +620,14 @@
<configurationfile>openvpn-client-export.xml</configurationfile>
</package>
<package>
- <name>HAVP</name>
+ <name>HAVP antivirus</name>
<pkginfolink></pkginfolink>
<website>http://www.server-side.de/</website>
- <descr>HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone.</descr>
+ <descr>Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone. And File Scanner for local files.</descr>
<category>Network Management</category>
<depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
<depends_on_package>havp-0.88.tbz</depends_on_package>
- <version>0.88</version>
+ <version>0.88_05</version>
<status>ALPHA</status>
<required_version>1.2.2</required_version>
<config_file>http://www.pfsense.com/packages/config/havp/havp.xml</config_file>
diff --git a/pkg_config.xml b/pkg_config.xml
index 8277ecec..93862665 100644
--- a/pkg_config.xml
+++ b/pkg_config.xml
@@ -60,7 +60,7 @@
<descr>OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.</descr>
<category>NET</category>
<config_file>http://www.pfsense.com/packages/config/openbgpd/openbgpd.xml</config_file>
- <version>0.4</version>
+ <version>0.5</version>
<status>STABLE</status>
<required_version>1.3</required_version>
<configurationfile>openbgpd.xml</configurationfile>
@@ -86,7 +86,7 @@
<descr>Adds pfSense dashboard that will be included with 2.0. This requires 1.2 or newer. WARNING! Cannot be deinstalled.</descr>
<category>System</category>
<config_file>http://www.pfsense.com/packages/config/dashboard/dashboard.xml</config_file>
- <version>1.7.5.3</version>
+ <version>1.7.6.2</version>
<status>BETA</status>
<required_version>1.2</required_version>
<maximum_version>1.9</maximum_version>
@@ -250,7 +250,7 @@
<descr>Network UPS Tools</descr>
<website>http://www.networkupstools.org/</website>
<category>Network Management</category>
- <version>2.0.4</version>
+ <version>2.0.4_1</version>
<status>BETA</status>
<required_version>1.0</required_version>
<maintainer>rswagoner@gmail.com</maintainer>
@@ -515,7 +515,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.6.21_09</version>
+ <version>2.6.21_10</version>
<status>Stable</status>
<required_version>1.0</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com</maintainer>
@@ -812,4 +812,17 @@
<config_file>http://www.pfsense.com/packages/config/open-vm-tools/open-vm-tools.xml</config_file>
<configurationfile>open-vm-tools.xml</configurationfile>
</package>
+ <package>
+ <name>OpenVPN-Enhancements</name>
+ <maintainer>mfuchs77@googlemail.com</maintainer>
+ <website>http://pfsense.trendchiller.com</website>
+ <descr>Enhance OpenVPN with TLS-auth and client/server-options. WARNING! Cannot be uninstalled.</descr>
+ <category>Security</category>
+ <version>1.0</version>
+ <status>STABLE</status>
+ <required_version>1.2</required_version>
+ <maximum_version>1.2.9</maximum_version>
+ <config_file>http://www.pfsense.com/packages/config/ovpnenhance/ovpnenhance.xml</config_file>
+ <configurationfile>ovpnenhance.xml</configurationfile>
+ </package>
</pfsensepkgs>