From cc47995dd0b4f7a44c36a94d6f4feabddc418e12 Mon Sep 17 00:00:00 2001 From: Charlie Date: Wed, 8 Jul 2009 14:45:06 +0000 Subject: Add needed code to packages to confirm to 2.0 rules for adding firewall rules. NOTE: other packages might need intervention but for now this is the neccessary minimum to remove dependency on pkg-utils.inc on filter.inc --- config/clamav.inc | 3 ++- config/clamav.xml | 1 + config/frickin/frickin.inc | 1 + config/frickin/frickin.xml | 1 + config/imspector/imspector.inc | 17 +++++++++++++++++ config/imspector/imspector.xml | 1 + config/siproxd.inc | 3 ++- config/siproxd.xml | 3 ++- config/spamd.inc | 31 ++++++++++++++++++++++++++++++- config/spamd.xml | 3 ++- config/squid/squid.inc | 3 ++- config/squid/squid.xml | 1 + 12 files changed, 62 insertions(+), 6 deletions(-) (limited to 'config') diff --git a/config/clamav.inc b/config/clamav.inc index 2e83888c..3aaaf71d 100644 --- a/config/clamav.inc +++ b/config/clamav.inc @@ -235,6 +235,7 @@ function clamav_generate_rules($type) { $rules .= "rdr on $iface proto tcp to port pop3 -> 127.0.0.1 port 8110\n"; break; case 'filter': + case 'rule': foreach ($ifaces as $iface) $rules .= "pass quick on $iface proto tcp to port pop3 flags S/SA keep state\n"; break; @@ -252,7 +253,7 @@ function clamav_generate_rules($type) { $rules .= "rdr on $iface proto tcp to ($iface) port smtp -> 127.0.0.1 port 10025\n"; } - else { + else if ($type == 'filer' || $type == 'rule') { foreach ($ifaces as $iface) $rules .= "pass quick on $iface proto tcp to ($iface) port smtp flags S/SA keep state\n"; } diff --git a/config/clamav.xml b/config/clamav.xml index 483a32a6..465c635a 100644 --- a/config/clamav.xml +++ b/config/clamav.xml @@ -127,4 +127,5 @@ clamav_install_command(); + clamav_generate_rules diff --git a/config/frickin/frickin.inc b/config/frickin/frickin.inc index 8b57b8ae..a79345bb 100644 --- a/config/frickin/frickin.inc +++ b/config/frickin/frickin.inc 
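Review bot: The rewritten condition in the second clamav.inc hunk compares `$type` against `'filer'`, so the smtp pass rule that the old unconditional `else` emitted for `$type == 'filter'` is now dropped for the filter phase and only the `'rule'` caller gets it — a silent loss of an existing rule rather than the intended fall-through. The line should read `else if ($type == 'filter' || $type == 'rule') {`, mirroring the `case 'filter': case 'rule':` pair the first hunk of this file adds to the pop3 branch. clamav_generate_rules starts and ends outside both hunks.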
@@ -127,6 +127,7 @@ function frickin_generate_rules($type) { } break; case 'filter': + case 'rule': $ext_if = get_real_wan_interface(); $rules .= "pass out on $ext_if proto gre from any to any keep state\n"; $rules .= "pass in on $ext_if proto gre from any to any keep state\n"; diff --git a/config/frickin/frickin.xml b/config/frickin/frickin.xml index 497d4cd3..4d1d421d 100644 --- a/config/frickin/frickin.xml +++ b/config/frickin/frickin.xml @@ -86,4 +86,5 @@ frickin_custom_php_deinstall_command(); + frickin_generate_rules diff --git a/config/imspector/imspector.inc b/config/imspector/imspector.inc index 09974363..ea4458ce 100644 --- a/config/imspector/imspector.inc +++ b/config/imspector/imspector.inc @@ -104,6 +104,23 @@ //exec('pkg_delete imspector-0.4'); } + function imspector_generate_rules($type) { + + $rules = ""; + switch ($type) { + case 'rdr': + $rules = "# IMSpector rdr anchor\n"; + $rules .= "rdr-anchor \"imspector\"\n"; + break; + case 'rule': + $rules = "# IMSpector \n"; + $rules .= "anchor \"miniupnpd\"\n"; + break; + } + + return $rules; + } + function sync_package_imspector() { global $config; global $input_errors; diff --git a/config/imspector/imspector.xml b/config/imspector/imspector.xml index afdcdcf0..c7595b9a 100644 --- a/config/imspector/imspector.xml +++ b/config/imspector/imspector.xml @@ -218,4 +218,5 @@ deinstall_package_imspector(); + imspector_generate_rules diff --git a/config/siproxd.inc b/config/siproxd.inc index be1ac196..147eee31 100644 --- a/config/siproxd.inc +++ b/config/siproxd.inc @@ -73,6 +73,7 @@ function siproxd_generate_rules($type) { } break; case 'filter': + case 'rule': foreach ($ifaces as $iface) { $rules .= "# allow SIP signaling and RTP traffic\n"; $rules .= "pass in quick on {$iface} proto udp from any to any port = {$port}\n"; @@ -193,4 +194,4 @@ function sync_package_siproxd() { conf_mount_ro(); } -?> \ No newline at end of file +?> 
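Review bot: In the new imspector_generate_rules, the `'rule'` case emits `anchor "miniupnpd"` while the `'rdr'` case declares `rdr-anchor "imspector"`, so the filter anchor name does not match the package's own rdr anchor and looks like a leftover from another package. Unless imspector genuinely populates a miniupnpd anchor, the line should be `$rules .= "anchor \"imspector\"\n";`; the comment on the line before it also carries a stray trailing space in `"# IMSpector \n"`. A one-line header would make the contract explicit: `// Return pf anchor declarations for the 'rdr' or 'rule' phase; any other $type yields an empty string.`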
diff --git a/config/siproxd.xml b/config/siproxd.xml index c79c722f..f4e1bd0b 100644 --- a/config/siproxd.xml +++ b/config/siproxd.xml @@ -170,4 +170,5 @@ - \ No newline at end of file + siproxd_generate_rules + diff --git a/config/spamd.inc b/config/spamd.inc index 3088d037..6ee72ad7 100644 --- a/config/spamd.inc +++ b/config/spamd.inc @@ -160,6 +160,35 @@ function sync_package_spamd() { log_error("SpamD setup completed"); } +function spamd_generate_rules($type) { + global $config; + + $natrules = ""; + switch($type) { + case 'rdr': + $natrules .= "\n# spam table \n"; + $wanif = $FilterIflist["wan"]['if']; + $natrules .= "table persist\n"; + $natrules .= "table persist\n"; + $natrules .= "table persist\n"; + if(file_exists("/var/db/whitelist.txt")) + $natrules .= "table persist file \"/var/db/whitelist.txt\"\n"; + $natrules .= "rdr pass on {$wanif} proto tcp from to port smtp -> 127.0.0.1 port spamd\n"; + $natrules .= "rdr pass on {$wanif} proto tcp from to port smtp -> 127.0.0.1 port spamd\n"; + $natrules .= "rdr pass on {$wanif} proto tcp from ! to port smtp -> 127.0.0.1 port spamd\n"; + if($config['installedpackages']['spamdsettings']['config']) + foreach($config['installedpackages']['spamdsettings']['config'] as $ss) + $nextmta = $ss['nextmta']; + if($nextmta <> "") { + $natrules .= "rdr pass on {$wanif} proto tcp from to port smtp -> {$nextmta} port smtp\n"; + } + + break; + } + + return $natrules; +} + function remove_spaces($string) { $string = str_replace(" ", "", $string); return $string; @@ -286,4 +315,4 @@ function spamd_validate_input($post, $input_errors) { } } -?> \ No newline at end of file +?> diff --git a/config/spamd.xml b/config/spamd.xml index a065c0a8..5bbc5d71 100644 --- a/config/spamd.xml +++ b/config/spamd.xml @@ -207,4 +207,5 @@ custom_php_deinstall_command(); - \ No newline at end of file + spamd_generate_rules + diff --git a/config/squid/squid.inc b/config/squid/squid.inc index dbd8267f..4200f02e 100644 --- a/config/squid/squid.inc 
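Review bot: In the new spamd_generate_rules, `$wanif = $FilterIflist["wan"]['if'];` reads `$FilterIflist` inside a function that only declares `global $config;`, so under PHP function scoping it is an undefined local and every `rdr pass on {$wanif} ...` line is produced with an empty interface, which pf will most likely refuse when the ruleset is loaded. Either extend the declaration to `global $config, $FilterIflist;` or obtain the interface the way the other packages in this commit do (frickin calls `get_real_wan_interface()`; siproxd and squid iterate `$ifaces`). `$nextmta` is likewise only assigned inside the brace-less `if`/`foreach`, so when no spamdsettings config exists the `$nextmta <> ""` test runs on an undefined variable; initialising it with `$nextmta = "";` before the `if` keeps that path clean.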
+++ b/config/squid/squid.inc @@ -1268,6 +1268,7 @@ function squid_generate_rules($type) { $rules .= "\n"; break; case 'filter': + case 'rule': foreach ($ifaces as $iface) { $rules .= "# Setup squid pass rules for proxy\n"; $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n"; @@ -1288,4 +1289,4 @@ function squid_generate_rules($type) { return $rules; } -?> \ No newline at end of file +?> diff --git a/config/squid/squid.xml b/config/squid/squid.xml index a119e647..7f2c1627 100644 --- a/config/squid/squid.xml +++ b/config/squid/squid.xml @@ -330,4 +330,5 @@ squid_deinstall_command(); exec("/bin/rm -f /usr/local/etc/rc.d/squid*"); + squid_generate_rules -- cgit v1.2.3