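diff --git a/src/usr/local/pkg/pfblockerng/pfblockerng.inc b/src/usr/local/pkg/pfblockerng/pfblockerng.inc
index 7fa8c1d2f8bf9ee15728d8d71fe5d04a3ef2bc34..6605e933eee2e19c7b39d83b6d40edd50ca798b5 100644
--- a/src/usr/local/pkg/pfblockerng/pfblockerng.inc
+++ b/src/usr/local/pkg/pfblockerng/pfblockerng.inc
@@ -4126,52 +4126,64 @@ function pfb_aliastables($mode) {
 function pfb_filterrules() {
 global $pfb;
 
- $rule_list = array();
- $rule_list['id'] = array();
- $rule_list['other'] = array();
- $rule_list['int'] = array();
+ $rule_list = array();
+ $rule_list['id'] = array();
+ $rule_list['other'] = array();
+ $rule_list['int'] = array();
 
 exec("{$pfb['pfctl']} -vvsr 2>&1", $results);
 if (!empty($results)) {
 foreach ($results as $result) {
 if (substr($result, 0, 1) == '@') {
-
- $r = explode(')', $result, 2);
-
- // pfSense > v2.6 uses an 'ridentifier' string
- if (strpos($result, 'ridentifier') != FALSE) {
- $id = trim(strstr(strstr($r[1], 'ridentifier', FALSE), ' ', FALSE));
- } else {
- $id = ltrim(strstr($r[0], '(', FALSE), '(');
- }
-
- // Find rule descriptions and type for pfBlockerNG Tracker IDs
- if (strpos($r[1], ' <pfB_') !== FALSE) {
- $descr = ltrim(stristr($r[1], '<pfb_', FALSE), '<');
- $descr = strstr($descr, ':', TRUE);
- $type = strstr(trim($r[1]), ' ', TRUE);
- if ($type == 'match') {
- $type = 'unkn(%u)';
+ $type = strstr(ltrim(strstr($result, ' ', FALSE), ' '), ' ', TRUE);
+ if (in_array($type, array('block', 'pass', 'match'))) {
+ // Since pfSense CE 2.6 and pfSense Plus 22.01, pf rules use an 'ridentifier' string
+ if (strrpos($result, 'ridentifier') !== false) {
+ $id_begin_delim = 'ridentifier ';
+ $id_end_delim = ' ';
+ } elseif (strpos($result, '(') !== false && strpos($result, ')') !== false) {
+ $id_begin_delim = '(';
+ $id_end_delim = ')';
+ } else {
+ continue;
 }
 
- if (!is_array($rule_list[$id])) {
- $rule_list[$id] = array();
+ // Get the rule ID
+ $id_begin_offset = strpos($result, $id_begin_delim) + strlen($id_begin_delim);
+ $id_end_offset = strpos($result, $id_end_delim, $id_begin_offset);
+ if ($id_end_offset !== FALSE) {
+ $id_length = $id_end_offset - $id_begin_offset;
+ } else {
+ $id_length = strlen($result) - $id_begin_offset;
 }
+ $id = substr($result, $id_begin_offset, $id_length);
 
- $rule_list['id'][] = $id;
- $rule_list[$id]['name'] = $descr;
- $rule_list[$id]['type'] = $type;
-
- $int = trim(strstr(trim(strstr(trim(strstr($r[1], ' on ', FALSE)), ' ', FALSE)), ' ', TRUE));
- if (!empty($int)) {
- $rule_list['int'][$int] = '';
+ // Add the rule to the list
+ if (strpos($result, ' <pfB_') !== FALSE) {
+ $descr = ltrim(stristr($result, '<pfb_', FALSE), '<');
+ $descr = strstr($descr, ':', TRUE);
+ $type = strstr(ltrim(strstr($result, ' ', FALSE), ' '), ' ', TRUE);
+ if ($type == 'match') {
+ $type = 'unkn(%u)';
+ }
+
+ if (!is_array($rule_list[$id])) {
+ $rule_list[$id] = array();
+ }
+
+ $rule_list['id'][] = $id;
+ $rule_list[$id]['name'] = $descr;
+ $rule_list[$id]['type'] = $type;
+
+ $int = strstr(ltrim(strstr($result, ' on ', FALSE), ' on '), ' ', TRUE);
+ if (!empty($int)) {
+ $rule_list['int'][$int] = '';
+ }
+ } else {
+ // All other non-pfBlockerNG Tracker IDs
+ $rule_list['other'][$id] = '';
 }
 }
-
- // All other non-pfBlockerNG Tracker IDs
- else {
- $rule_list['other'][$id] = '';
- }
 }
 }
 }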
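Review bot: The interface extraction in the `<pfB_` branch near the end of the hunk, `ltrim(strstr($result, ' on ', FALSE), ' on ')`, treats `' on '` as a prefix, but ltrim()'s second argument is a character mask, so any leading `o`, `n` or space characters of the interface name itself are stripped too (a constructed example: `ovpns1` would be recorded as `vpns1`); the removed code skipped the keyword with a second strstr() and did not have this problem. Matching the token directly avoids it: `if (preg_match('/ on (\S+)/', $result, $m)) { $rule_list['int'][$m[1]] = ''; }`. Separately, the `ridentifier` branch tests presence with `strrpos($result, 'ridentifier')` but computes the offset with `strpos($result, 'ridentifier ')`, which takes the first occurrence and, on a miss, lets `false + strlen(...)` become a silent offset of 12; if rule label text can precede the token in a `pfctl -vvsr` line, a label containing that word would yield the wrong tracker ID. It would be safer to take a single `$pos = strrpos($result, 'ridentifier ');`, `continue` when it is `false`, and derive the begin offset from `$pos`. pfb_filterrules() continues past the end of the hunk, so how the parsed IDs and interface names are consumed is not visible here.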