127.0.0.1 port 16667\n"; } function imspector_pf_rule($iface, $port) { return "pass in quick on {$iface} inet proto tcp from any to any port {$port} keep state\n"; } function imspector_proto_to_port ($proto) { switch ($proto) { case "msn": return 1863; case "icqaim": return 5190; case "yahoo": return 5050; case "irc": return 6667; default: return NULL; } } function before_form_imspector($pkg) { global $config; } function validate_form_imspector($post, $input_errors) { if($post['iface_array']) foreach($post['iface_array'] as $iface) if($iface == "wan") $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; } function sync_package_imspector() { global $config; global $input_errors; $configfile = "/usr/local/etc/imspector/imspector.conf"; $proto=""; $pf_rules=""; imspector_notice("Syncing package"); /* remove existing rules */ exec("/sbin/pfctl -a imspector -Fr"); exec("/sbin/pfctl -a imspector -Fn"); conf_mount_rw(); config_lock(); if(imspector_config("proto_msn")) $proto .= "msn,"; if(imspector_config("proto_icqaim")) $proto .= "icqaim,"; if(imspector_config("proto_yahoo")) $proto .= "yahoo,"; if(imspector_config("proto_irc")) $proto .= "irc,"; if($proto != "") $proto_array = explode(",",$proto); if(imspector_config("iface_array")) $iface_array = explode(",",imspector_config("iface_array")); if($iface_array && $proto_array) { foreach($iface_array as $iface) { $if = convert_friendly_interface_to_real_interface_name($iface); /* above function returns iface if fail */ if($if!=$iface) { $addr = find_interface_ip($if); /* non enabled interfaces are displayed in list on imspector settings page */ /* check that the interface has an ip address before adding parameters */ if($addr) { foreach($proto_array as $proto) { if(imspector_proto_to_port($proto)) { /* we can use rdr pass to auto create the filter rule */ $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto)); } } } } } if($pf_rules != "") { exec("echo \"{$pf_rules}\" | /sbin/pfctl -a imspector -f -"); $configtext = "plugin_dir=/usr/local/lib/imspector\n"; if(imspector_config("proto_msn")) $configtext .= "msn_protocol=on\n"; if(imspector_config("proto_icqaim")) $configtext .= "icq_protocol=on\n"; if(imspector_config("proto_yahoo")) $configtext .= "yahoo_protocol=on\n"; if(imspector_config("proto_irc")) $configtext .= "irc_protocol=on\n"; if(imspector_config("log_file")) $configtext .= "file_logging_dir=/var/log/imspector\n"; if(imspector_config("filter_badwords")) $configtext .= "badwords_filename=/usr/local/etc/imspector/badwords.txt\n"; if(imspector_config("log_mysql")) { $configtext .= "mysql_server=".imspector_config("mysql_server")."\n"; $configtext .= "mysql_database=".imspector_config("mysql_database")."\n"; $configtext .= "mysql_username=".imspector_config("mysql_username")."\n"; $configtext .= "mysql_password=".imspector_config("mysql_password")."\n"; } write_imspector_config($configfile,$configtext); $stop = << "imspector.sh", "start" => $start, "stop" => $stop ) ); } if((int)exec("pgrep imspector | wc -l") == 0 || $_POST['iface_array']) { imspector_notice("Starting service"); if(imspector_config("log_file")) exec("mkdir -p /var/log/imspector"); start_service("imspector"); } } if(!$iface_array || !$proto_array || $pf_rules = "") { /* no parameters user does not want imspector running */ /* lets stop the service and remove the rc file */ stop_service("imspector"); imspector_warn("No interfaces and/or protocols stopping service"); exec("rm -f /usr/local/etc/rc.d/imspector*"); exec("rm -f {$configfile}"); } config_unlock(); conf_mount_ro(); } ?>