### Eclipse Workspace Patch 1.0
#P pfSense_RELENG_1_2
Index: etc/inc/filter.inc
===================================================================
RCS file: /cvsroot/pfSense/etc/inc/filter.inc,v
retrieving revision 1.575.2.368.2.14
diff -u -r1.575.2.368.2.14 filter.inc
--- etc/inc/filter.inc 21 Apr 2007 19:07:10 -0000 1.575.2.368.2.14
+++ etc/inc/filter.inc 21 Apr 2007 23:13:11 -0000
@@ -86,22 +86,6 @@
 echo "filter_configure_sync() being called $mt\n";
 }
- /* check to see if any rules reference a schedule
- * and if so load ipfw for later usage.
- */
- foreach($config['filter']['rule'] as $rule) {
- if($rule['sched'])
- $time_based_rules = true;
- }
- if($time_based_rules == true) {
- $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
- if($status == "0") {
- mute_kernel_msgs();
- mwexec("/sbin/kldload ipfw");
- unmute_kernel_msgs();
- }
- }
-
 $lan_if = $config['interfaces']['lan']['if'];
 $wan_if = get_real_wan_interface();
@@ -140,6 +124,22 @@
 update_filter_reload_status("Loading filter rules");
+ /* check to see if any rules reference a schedule
+ * and if so load ipfw for later usage.
+ */
+ foreach($config['filter']['rule'] as $rule) {
+ if($rule['sched'])
+ $time_based_rules = true;
+ }
+ if($time_based_rules == true) {
+ $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
+ if($status == "0") {
+ mute_kernel_msgs();
+ mwexec("/sbin/kldload ipfw");
+ unmute_kernel_msgs();
+ }
+ }
+
 /* enable pf if we need to, otherwise disable */
 if (!isset ($config['system']['disablefilter'])) {
 mwexec("/sbin/pfctl -e");
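Review bot: In the `@@ -140,6 +124,22 @@` hunk the result of `mwexec("/sbin/kldload ipfw")` is discarded, so a failed module load goes unnoticed and the schedule rules that are later installed through ipfw would presumably never be enforced. Assuming mwexec() returns the command's exit status, keep it with `$rc = mwexec("/sbin/kldload ipfw");` and log when it is non-zero. `$time_based_rules` is also read in `if($time_based_rules == true)` without ever being assigned when no rule has a `sched` entry; `$time_based_rules = false;` before the loop makes that explicit. The enclosing function starts and ends outside the hunk.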
@@ -1980,6 +1980,9 @@
 if($type == "pass") {
 $ipfw_rule = tdr_create_ipfw_rule($rule, "deny");
 tdr_install_rule($ipfw_rule);
+ } else {
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "allow");
+ tdr_install_rule($ipfw_rule);
 }
 return "# $line";
 }
Index: etc/inc/pfsense-utils.inc
===================================================================
RCS file: /cvsroot/pfSense/etc/inc/pfsense-utils.inc,v
retrieving revision 1.316.2.243.2.7
diff -u -r1.316.2.243.2.7 pfsense-utils.inc
--- etc/inc/pfsense-utils.inc 21 Apr 2007 23:05:13 -0000 1.316.2.243.2.7
+++ etc/inc/pfsense-utils.inc 21 Apr 2007 23:13:13 -0000
@@ -102,7 +102,7 @@
 * text string with ipfw rule already formatted
 ******/
 function tdr_create_ipfw_rule($rule, $type) {
- global $config, $g;
+ global $config, $g, $tdr_get_next_ipfw_rule;
 $wancfg = $config['interfaces']['wan'];
 $lancfg = $config['interfaces']['lan'];
@@ -455,7 +455,15 @@
 if($aline['prot'] == "") $aline['prot'] = "ip ";
-
+
+ tdr_get_next_ipfw_rule();
+
+ /* piece together the actual user rule */
+ if($type == "allow") {
+ $next_rule = tdr_get_next_ipfw_rule+2;
+ $type = "skipto $next_rule";
+ }
+
 /* piece together the actual user rule */
 $line .= $type . " " . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['dst'] . $aline['dstport'] . " in recv " . $aline['interface'];
@@ -473,8 +481,26 @@
 * none
 ******/
 function tdr_install_rule($rule) {
- mwexec("/sbin/ipfw -f add 2 set 9 $rule");
+ global $tdr_next_ipfw_rule;
+ mwexec("/sbin/ipfw -f add $tdr_next_ipfw_rule set 9 $rule");
+ echo "/sbin/ipfw -f add $tdr_next_ipfw_rule set 9 $rule";
+ $tdr_next_ipfw_rule++;
 }
+
+/****f* pfsense-utils/tdr_get_next_ipfw_rule
+ * NAME
+ * tdr_get_next_ipfw_rule
+ * INPUTS
+ * none
+ * RESULT
+ * returns the next available ipfw rule number
+ ******/
+function tdr_get_next_ipfw_rule() {
+ global $tdr_next_ipfw_rule;
+ if(!$tdr_next_ipfw_rule)
+ $tdr_next_ipfw_rule = 2;
+ return $tdr_next_ipfw_rule;
+ }
 /****f* pfsense-utils/tdr_install_set
 * NAME
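Review bot: The new `else` in the `@@ -1980,6 +1980,9 @@` hunk of filter.inc covers every `$type` other than "pass", so an empty or unexpected type would also get an ipfw `allow` rule installed. Naming the types the branch is meant for keeps an unknown value from failing open, for example `} else if($type == "block" || $type == "reject") {` if those are the only other types in use. A one-line comment explaining why a scheduled pass rule maps to `deny` and the other case to `allow` would also help, since the pairing reads inverted at first sight. The enclosing function starts outside the hunk.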
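Review bot: `global $config, $g, $tdr_get_next_ipfw_rule;` in the `@@ -102,7 +102,7 @@` hunk of pfsense-utils.inc imports a variable named after the helper function, while the counter that `tdr_install_rule()` and `tdr_get_next_ipfw_rule()` share is `$tdr_next_ipfw_rule`. Nothing visible in this patch assigns or reads `$tdr_get_next_ipfw_rule`, so the declaration looks like a typo. Either keep the line as `global $config, $g;` or import the real counter with `global $config, $g, $tdr_next_ipfw_rule;`. The body of tdr_create_ipfw_rule continues outside the hunk.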
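Review bot: `$next_rule = tdr_get_next_ipfw_rule+2;` in the `@@ -455,7 +455,15 @@` hunk lacks the call parentheses, so PHP reads the name as a bare constant rather than calling the function; older PHP versions turn that into a string and the sum comes out as 2, newer ones raise an error. The `skipto` target therefore never follows the rule counter, and the scheduled allow rule cannot jump where it was meant to. Use `$next_rule = tdr_get_next_ipfw_rule() + 2;`. The bare `tdr_get_next_ipfw_rule();` statement above it only initialises the counter as a side effect and deserves a comment saying so, and the first of the two identical `/* piece together the actual user rule */` comments would read better as a description of the skipto rewrite.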
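Review bot: `tdr_install_rule()` in the `@@ -473,8 +481,26 @@` hunk reads `$tdr_next_ipfw_rule` directly, so it only has a rule number if `tdr_get_next_ipfw_rule()` happened to run first; otherwise the command is built with an empty number. Fetch it through the helper with `$rule_no = intval(tdr_get_next_ipfw_rule());` and use `$rule_no` in the command string. The added `echo` of the full command looks like leftover debugging and will print on every install. `$rule` is still interpolated into the shell string unescaped, as it was before this change; the fields it is built from are assembled outside this hunk, so it is worth confirming that none of them can carry shell metacharacters.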