Diffstat (limited to 'config/onatproto')
-rw-r--r-- | config/onatproto/onatproto.inc | 18 | ||||
-rw-r--r-- | config/onatproto/onatproto.patch | 267 | ||||
-rw-r--r-- | config/onatproto/onatproto.xml | 65 |
3 files changed, 0 insertions, 350 deletions
diff --git a/config/onatproto/onatproto.inc b/config/onatproto/onatproto.inc
deleted file mode 100644
index 93454107..00000000
--- a/config/onatproto/onatproto.inc
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-
-function onatproto_install() {
- global $g, $config;
-
- // Test to make sure the patch is not already applied.
- $out = `patch -fslC --reverse -p1 -b .before_onatproto -d / -i /usr/local/pkg/onatproto.patch |& grep -ci reject`;
- if ($out == 0) {
- // If the patch has not already been applied, test to see if it will apply cleanly.
- $out = `patch -fsNlC -p1 -b .before_onatproto -d / -i /usr/local/pkg/onatproto.patch |& grep -ci reject`;
- if ($out == 0) {
- // The patch should apply cleanly, let 'er rip.
- mwexec("patch -fsNl -p1 -b .before_onatproto -d / -i /usr/local/pkg/onatproto.patch ");
- }
- }
-}
-
-?>
\ No newline at end of file
diff --git a/config/onatproto/onatproto.patch b/config/onatproto/onatproto.patch
deleted file mode 100644
index c8d802f3..00000000
--- a/config/onatproto/onatproto.patch
+++ /dev/null
@@ -1,267 +0,0 @@
---- /etc/inc/filter.inc.orig 2009-02-24 15:11:55.000000000 -0500
-+++ /etc/inc/filter.inc 2009-02-24 19:38:51.000000000 -0500
-@@ -494,7 +494,7 @@
- }
-
- /* Generate a 'nat on' or 'no nat on' rule for given interface */
--function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false) {
-+function filter_nat_rules_generate_if($if, $src = "any", $proto = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false) {
- global $config;
-
- /* XXX: billm - any idea if this code is needed? */
-@@ -507,6 +507,12 @@
- else
- $tgt = "($if)";
-
-+ /* Add the protocol, if defined */
-+ if (($proto != "") && ($proto != "any"))
-+ $protocol = " proto {$proto}";
-+ else
-+ $protocol = "";
-+
- /* Add the hard set source port (useful for ISAKMP) */
- if ($natport != "")
- $tgt .= " port {$natport}";
-@@ -546,7 +552,7 @@
-
- /* Put all the pieces together */
- if($if_friendly)
-- $natrule = "{$nat} on \${$if_friendly} from {$src} to {$dst} {$target}{$staticnatport_txt}\n";
-+ $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target}{$staticnatport_txt}\n";
-
- return $natrule;
- }
-@@ -654,6 +660,7 @@
-
- $natrules .= filter_nat_rules_generate_if($natif,
- $src,
-+ $obent['protocol'],
- $obent['sourceport'],
- $dst,
- $obent['dstport'],
-@@ -669,9 +676,9 @@
- update_filter_reload_status("Creating outbound NAT rules");
-
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
-+ "{$lansa}/{$lancfg['subnet']}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$lansa}/{$lancfg['subnet']}", 5060, "", 5060, null, 5060, false);
-+ "{$lansa}/{$lancfg['subnet']}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
- "{$lansa}/{$lancfg['subnet']}");
-
-@@ -683,9 +690,9 @@
- $opt_interface = $oc['if'];
- if (interface_has_gateway("$opt_interface")) {
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$lansa}/{$lancfg['subnet']}", 500, "", 500, null, 500, false);
-+ "{$lansa}/{$lancfg['subnet']}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$lansa}/{$lancfg['subnet']}", 5060, "", 5060, null, 5060, false);
-+ "{$lansa}/{$lancfg['subnet']}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
- "{$lansa}/{$lancfg['subnet']}");
- }
-@@ -701,22 +708,22 @@
-
- /* create outbound nat entries for primary wan */
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$optsa}/{$optcfg['subnet']}", 500, "", 500, null, 500, false);
-+ "{$optsa}/{$optcfg['subnet']}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$optsa}/{$optcfg['subnet']}", 5060, "", 5060, null, 5060, false);
-+ "{$optsa}/{$optcfg['subnet']}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$optsa}/{$optcfg['subnet']}", null, "", null, null, null, isset($optcfg['nonat']));
-+ "{$optsa}/{$optcfg['subnet']}", "any", null, "", null, null, null, isset($optcfg['nonat']));
-
- /* create outbound nat entries for all opt wans */
- foreach($optints as $oc) {
- $opt_interface = $oc['if'];
- if (interface_has_gateway("$opt_interface")) {
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$optsa}/{$optcfg['subnet']}", 500, "", 500, null, 500, false);
-+ "{$optsa}/{$optcfg['subnet']}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$optsa}/{$optcfg['subnet']}", 5060, "", 5060, null, 5060, false);
-+ "{$optsa}/{$optcfg['subnet']}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$optsa}/{$optcfg['subnet']}", null, "", null, null, null, isset($optcfg['nonat']));
-+ "{$optsa}/{$optcfg['subnet']}", "any", null, "", null, null, null, isset($optcfg['nonat']));
- }
- }
- }
-@@ -728,9 +735,9 @@
- if($config['pptp']['pptp_subnet'] <> "")
- $pptp_subnet = $config['pptp']['pptp_subnet'];
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 500, "", 500, null, 500, false);
-+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 5060, "", 5060, null, 5060, false);
-+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
- "{$pptpdcfg['remoteip']}/{$pptp_subnet}");
-
-@@ -739,9 +746,9 @@
- $opt_interface = $oc['if'];
- if ((is_private_ip($pptpdcfg['remoteip'])) && (interface_has_gateway($opt_interface))) {
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 500, "", 500, null, 500, false);
-+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$pptpdcfg['remoteip']}/{$pptp_subnet}", 5060, "", 5060, null, 5060, false);
-+ "{$pptpdcfg['remoteip']}/{$pptp_subnet}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
- "{$pptpdcfg['remoteip']}/{$pptp_subnet}");
- }
-@@ -754,20 +761,20 @@
- if($config['pppoe']['pppoe_subnet'] <> "")
- $pppoe_subnet = $config['pppoe']['pppoe_subnet'];
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 500, "", 500, null, 500, false);
-+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 5060, "", 5060, null, 5060, false);
-+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$pppoecfg['remoteip']}/{$pppoe_subnet}");
-+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", "any");
-
- /* generate nat mappings for opts with a gateway opts */
- foreach($optints as $oc) {
- $opt_interface = $oc['if'];
- if ((is_private_ip($pppoecfg['remoteip'])) && (interface_has_gateway($opt_interface))) {
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 500, "", 500, null, 500, false);
-+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$pppoecfg['remoteip']}/{$pppoe_subnet}", 5060, "", 5060, null, 5060, false);
-+ "{$pppoecfg['remoteip']}/{$pppoe_subnet}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
- "{$pppoecfg['remoteip']}/{$pppoe_subnet}");
- }
-@@ -780,22 +787,22 @@
- $netip = explode("/", $route['network']);
- if ((! interface_has_gateway($route['interface'])) && (is_private_ip($netip[0]))) {
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$route['network']}", 500, "", 500, null, 500, false);
-+ "{$route['network']}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$route['network']}", 5060, "", 5060, null, 5060, false);
-+ "{$route['network']}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($wanif,
-- "{$route['network']}", "", null);
-+ "{$route['network']}", "any", "", null);
- }
- /* generate nat mapping for static routes on opts */
- foreach($optints as $oc) {
- $opt_interface = $oc['if'];
- if ((! interface_has_gateway($route['interface'])) && (is_private_ip($netip[0])) && (interface_has_gateway($opt_interface))) {
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$route['network']}", 500, "", 500, null, 500, false);
-+ "{$route['network']}", "any", 500, "", 500, null, 500, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$route['network']}", 5060, "", 5060, null, 5060, false);
-+ "{$route['network']}", "any", 5060, "", 5060, null, 5060, false);
- $natrules .= filter_nat_rules_generate_if($opt_interface,
-- "{$route['network']}", "", null);
-+ "{$route['network']}", "any", "", null);
- }
- }
-
---- /usr/local/www-orig/firewall_nat_out.php 2008-01-07 21:14:44.000000000 -0500
-+++ /usr/local/www/firewall_nat_out.php 2009-02-24 18:21:20.000000000 -0500
-@@ -102,6 +102,7 @@
- $natent['interface'] = "wan";
- $natent['destination']['any'] = true;
- $natent['natport'] = "";
-+ $natent['protocol'] = "any";
- $a_out[] = $natent;
- }
- $savemsg = "Default rules for each interface have been created.";
-@@ -265,6 +266,11 @@
- echo "LAN";
- else
- echo htmlspecialchars($config['interfaces'][$natent['interface']]['descr']);
-+
-+ if (($natent['protocol'] != "any") && ($natent['protocol'] != ""))
-+ $proto = $natent['protocol'] . "/";
-+ else
-+ $proto = "";
- ?>
-
- </td>
-@@ -273,10 +279,11 @@
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
- <?php
-+
- if (!$natent['sourceport'])
-- echo "*";
-+ echo $proto . "*";
- else
-- echo $natent['sourceport'];
-+ echo $proto . $natent['sourceport'];
- ?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
-@@ -293,9 +300,9 @@
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
- <?php
- if (!$natent['dstport'])
-- echo "*";
-+ echo $proto . "*";
- else
-- echo $natent['dstport'];
-+ echo $proto . $natent['dstport'];
- ?>
- </td>
- <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';">
---- /usr/local/www-orig/firewall_nat_out_edit.php 2008-11-08 17:53:23.000000000 -0500
-+++ /usr/local/www/firewall_nat_out_edit.php 2009-02-25 12:07:33.000000000 -0500
-@@ -49,6 +49,7 @@
- }
-
- if (isset($id) && $a_out[$id]) {
-+ $pconfig['proto'] = $a_out[$id]['protocol'];
- list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']);
- $pconfig['sourceport'] = $a_out[$id]['sourceport'];
- address_to_pconfig($a_out[$id]['destination'], $pconfig['destination'],
-@@ -170,6 +171,9 @@
- if (!$natent['interface'])
- $natent['interface'] == "wan";
-
-+ if ($natent['proto'] != $_POST['proto'])
-+ continue;
-+
- if (($natent['interface'] == $_POST['interface']) && ($natent['source']['network'] == $osn)) {
- if (isset($natent['destination']['not']) == isset($_POST['destination_not'])) {
- if ((isset($natent['destination']['any']) && ($ext == "any")) ||
-@@ -188,6 +192,7 @@
- $natent['descr'] = $_POST['descr'];
- $natent['target'] = $_POST['target'];
- $natent['interface'] = $_POST['interface'];
-+ $natent['protocol'] = $_POST['proto'];
-
- /* static-port */
- if(isset($_POST['staticnatport']))
-@@ -316,6 +321,17 @@
- Hint: in most cases, you'll want to use WAN here.</span></td>
- </tr>
- <tr>
-+ <td width="22%" valign="top" class="vncellreq">Protocol</td>
-+ <td width="78%" class="vtable">
-+ <select name="proto" class="formfld" onChange="proto_change(); check_for_aliases();">
-+ <?php $protocols = explode(" ", "any TCP UDP GRE ESP AH L2TP ICMP"); foreach ($protocols as $proto): ?>
-+ <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
-+ <?php endforeach; ?>
-+ </select> <br> <span class="vexpl">Choose which IP protocol
-+ this rule should match.<br>
-+ Hint: in most cases, you should specify <em>any</em> here.</span></td>
-+ </tr>
-+ <tr>
- <td width="22%" valign="top" class="vncellreq">Source</td>
- <td width="78%" class="vtable">
- <table border="0" cellspacing="1" cellpadding="1">
diff --git a/config/onatproto/onatproto.xml b/config/onatproto/onatproto.xml
deleted file mode 100644
index 46dd72c7..00000000
--- a/config/onatproto/onatproto.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- onatproto.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Patch to add Protocol options to Manual Outbound NAT</description>
- <requirements>pfSense 1.2.x</requirements>
- <faq>Only needed if you want to NAT outbound based on protocol as well as port.</faq>
- <name>onatproto</name>
- <version>0.1</version>
- <title>onatproto</title>
- <include_file>/usr/local/pkg/onatproto.inc</include_file>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>https://packages.pfsense.org/packages/config/onatproto/onatproto.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>https://packages.pfsense.org/packages/config/onatproto/onatproto.patch</item>
- </additional_files_needed>
- <custom_php_install_command>
- onatproto_install();
- </custom_php_install_command>
-</packagegui> |