From 4b06e8adc9bc8ddd25de359b0d6d130e853483b5 Mon Sep 17 00:00:00 2001 From: stilez Date: Mon, 17 Feb 2014 22:47:06 +0000 Subject: Add PERMIT BOTH option, and minor enhancements 1) Add PERMIT ALL as a list type (allows whitelisting without alias->multiple manual rules) 2) Fix typo "beggining" 3) Improve SWITCH-CASE code flows in 2 places (avoid dup. code) 4) Improve explanatory text for deny/permit Files modified: "pfblocker.inc" "pfblocker_lists.xml" --- config/pf-blocker/pfblocker.inc | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) (limited to 'config/pf-blocker/pfblocker.inc') diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index c40d742e..9740dce5 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -167,15 +167,6 @@ function sync_package_pfblocker($cron="") { #Create rule if action permits switch($continent_config['action']){ case "Deny_Both": - $rule = $base_rule; - $rule["type"] = $deny_action_inbound; - $rule["descr"]= "$pfb_alias auto rule"; - $rule["source"]= array("address"=> $pfb_alias); - $rule["destination"]=array("any"=>""); - if ($pfblocker_config['enable_log']){ - $rule["log"]=""; - } - $deny_inbound[]=$rule; case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; @@ -185,8 +176,9 @@ function sync_package_pfblocker($cron="") { if ($pfblocker_config['enable_log']){ $rule["log"]=""; } - $deny_outbound[]=$rule; - break; + $deny_outbound[]=$rule; + if ($continent_config['action'] != "Deny_Both") + break; case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; @@ -198,6 +190,7 @@ function sync_package_pfblocker($cron="") { } $deny_inbound[]=$rule; break; + case "Permit_Both": case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -208,7 +201,8 @@ function sync_package_pfblocker($cron="") { $rule["log"]=""; } $permit_outbound[]=$rule; - break; + if ($continent_config['action'] != "Permit_Both") + break; case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -317,15 +311,6 @@ function sync_package_pfblocker($cron="") { #Create rule if action permits switch($list['action']){ case "Deny_Both": - $rule = $base_rule; - $rule["type"] = $deny_action_inbound; - $rule["descr"]= "$alias auto rule"; - $rule["source"]= array("address"=> $alias); - $rule["destination"]=array("any"=>""); - if ($pfblocker_config['enable_log']){ - $rule["log"]=""; - } - $deny_inbound[]=$rule; case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; @@ -335,8 +320,9 @@ function sync_package_pfblocker($cron="") { if ($pfblocker_config['enable_log']){ $rule["log"]=""; } - $deny_outbound[]=$rule; - break; + $deny_outbound[]=$rule; + if ($list['action'] != "Deny_Both") + break; case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; @@ -348,6 +334,7 @@ function sync_package_pfblocker($cron="") { } $deny_inbound[]=$rule; break; + case "Permit_Both": case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -358,7 +345,8 @@ function sync_package_pfblocker($cron="") { $rule["log"]=""; } $permit_outbound[]=$rule; - break; + if ($list['action'] != "Permit_Both") + break; case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; -- cgit v1.2.3