From 67f8148144eef81427977f96ab2a2902266ebd08 Mon Sep 17 00:00:00 2001
From: Ryan Wagoner
Date: Sat, 9 Dec 2006 21:13:15 +0000
Subject: use rdr pass to simplify the rule creation process .. inform users of imspector log directory
---
 packages/imspector/imspector.inc | 34 ++++++++++++++++------------------
 packages/imspector/imspector.xml | 2 +-
 2 files changed, 17 insertions(+), 19 deletions(-)
diff --git a/packages/imspector/imspector.inc b/packages/imspector/imspector.inc
index 3e7d6822..349d9976 100644
--- a/packages/imspector/imspector.inc
+++ b/packages/imspector/imspector.inc
@@ -26,12 +26,12 @@
 }
 function imspector_pf_rdr($iface, $port) {
- return "rdr on {$iface} inet proto tcp from any to any port = {$port} -> 127.0.0.1 port 16667\n";
+ return "rdr pass on {$iface} inet proto tcp from any to any port = {$port} -> 127.0.0.1 port 16667\n";
 }
 function imspector_pf_rule($iface, $port) {
 return "pass in quick on {$iface} inet proto tcp from any to any port {$port} keep state\n";
- }
+ }
 function imspector_proto_to_port ($proto) {
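Review bot: With `rdr pass` in imspector_pf_rdr, pf passes every redirected connection without evaluating the filter ruleset, so block rules an administrator already has for these IM ports on `{$iface}` stop applying to this traffic, and the rule matches `from any to any`. The function carries no comment recording that; I would add `/* rdr pass: redirected packets skip filter rules, so user block rules for this port do not apply */` above the return. imspector_pf_rule, also in this hunk, appears to lose its only caller in the hunk at -86/+86 (callers outside the patch are not visible), so it should be removed or marked as unused.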
@@ -86,22 +86,20 @@
 $iface_array = explode(",",imspector_config("iface_array"));
 if($iface_array && $proto_array) {
- for($i=1;$i<=2;$i++) {
- foreach($iface_array as $iface) {
- $if = convert_friendly_interface_to_real_interface_name($iface);
- /* above function returns iface if fail */
- if($if!=$iface) {
- $addr = find_interface_ip($if);
- /* non enabled interfaces are displayed in list on imspector settings page */
- /* check that the interface has an ip address before adding parameters */
- if($addr) {
- foreach($proto_array as $proto) {
- if($i==1 && imspector_proto_to_port($proto))
- $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto));
- elseif ($i==2 && imspector_proto_to_port($proto))
- $pf_rules .= imspector_pf_rule($if,imspector_proto_to_port($proto));
- }
- }
+ foreach($iface_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+ /* above function returns iface if fail */
+ if($if!=$iface) {
+ $addr = find_interface_ip($if);
+ /* non enabled interfaces are displayed in list on imspector settings page */
+ /* check that the interface has an ip address before adding parameters */
+ if($addr) {
+ foreach($proto_array as $proto) {
+ if(imspector_proto_to_port($proto)) {
+ /* we can use rdr pass to auto create the filter rule */
+ $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto));
+ }
+ }
 }
 }
 }
diff --git a/packages/imspector/imspector.xml b/packages/imspector/imspector.xml
index d9a83227..8678b08f 100644
--- a/packages/imspector/imspector.xml
+++ b/packages/imspector/imspector.xml
@@ -57,7 +57,7 @@
 checkbox
- Enable file logging
+ Enable file logging (stored in /var/log/imspector)
 log_file
 checkbox
-- 
cgit v1.2.3
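Review bot: The added comment `/* we can use rdr pass to auto create the filter rule */` is inaccurate: pf does not create a filter rule for `rdr pass`, it passes the translated packet without consulting the filter rules at all, which matters to anyone later auditing why a block rule on these ports has no effect. Suggested wording: `/* rdr pass: pf passes the redirected packet without filter evaluation, so no separate pass rule is emitted */`. In the same inner loop imspector_proto_to_port($proto) is looked up twice; `$port = imspector_proto_to_port($proto);` followed by `if($port) {` and `imspector_pf_rdr($if,$port)` reads better. The enclosing function starts and ends outside this hunk.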