Project

General

Profile

Regression #13156 » 13156.txt

Marcos M, 08/30/2022 06:57 PM

 
1
diff --git a/src/usr/local/pkg/pfblockerng/pfblockerng.inc b/src/usr/local/pkg/pfblockerng/pfblockerng.inc
2
index 7fa8c1d2f8bf9ee15728d8d71fe5d04a3ef2bc34..6605e933eee2e19c7b39d83b6d40edd50ca798b5 100644
3
--- a/src/usr/local/pkg/pfblockerng/pfblockerng.inc
4
+++ b/src/usr/local/pkg/pfblockerng/pfblockerng.inc
5
@@ -4126,52 +4126,64 @@ function pfb_aliastables($mode) {
6
 function pfb_filterrules() {
7
 	global $pfb;
8
 
9
-	$rule_list		= array();
10
-	$rule_list['id']	= array();
11
-	$rule_list['other']	= array();
12
-	$rule_list['int']	= array();
13
+	$rule_list          = array();
14
+	$rule_list['id']    = array();
15
+	$rule_list['other'] = array();
16
+	$rule_list['int']   = array();
17
 
18
 	exec("{$pfb['pfctl']} -vvsr 2>&1", $results);
19
 	if (!empty($results)) {
20
 		foreach ($results as $result) {
21
 			if (substr($result, 0, 1) == '@') {
22
-
23
-				$r = explode(')', $result, 2);
24
-
25
-				// pfSense > v2.6 uses an 'ridentifier' string
26
-				if (strpos($result, 'ridentifier') != FALSE) {
27
-					$id = trim(strstr(strstr($r[1], 'ridentifier', FALSE), ' ', FALSE));
28
-				} else {
29
-					$id = ltrim(strstr($r[0], '(', FALSE), '(');
30
-				}
31
-
32
-				// Find rule descriptions and type for pfBlockerNG Tracker IDs
33
-				if (strpos($r[1], ' <pfB_') !== FALSE) {
34
-					$descr	= ltrim(stristr($r[1], '<pfb_', FALSE), '<');
35
-					$descr	= strstr($descr, ':', TRUE);
36
-					$type	= strstr(trim($r[1]), ' ', TRUE);
37
-					if ($type == 'match') {
38
-						$type = 'unkn(%u)';
39
+				$type   = strstr(ltrim(strstr($result, ' ', FALSE), ' '), ' ', TRUE);
40
+				if (in_array($type, array('block', 'pass', 'match'))) {
41
+					// Since pfSense CE 2.6 and pfSense Plus 22.01, pf rules use an 'ridentifier' string
42
+					if (strrpos($result, 'ridentifier') !== false) {
43
+						$id_begin_delim = 'ridentifier ';
44
+						$id_end_delim = ' ';
45
+					} elseif (strpos($result, '(') !== false && strpos($result, ')') !== false) {
46
+						$id_begin_delim = '(';
47
+						$id_end_delim = ')';
48
+					} else {
49
+						continue;
50
 					}
51
 
52
-					if (!is_array($rule_list[$id])) {
53
-						$rule_list[$id] = array();
54
+					// Get the rule ID
55
+					$id_begin_offset = strpos($result, $id_begin_delim) + strlen($id_begin_delim);
56
+					$id_end_offset = strpos($result, $id_end_delim, $id_begin_offset);
57
+					if ($id_end_offset !== FALSE) {
58
+						$id_length = $id_end_offset - $id_begin_offset;
59
+					} else {
60
+						$id_length = strlen($result) - $id_begin_offset;
61
 					}
62
+					$id = substr($result, $id_begin_offset, $id_length);
63
 
64
-					$rule_list['id'][]	= $id;
65
-					$rule_list[$id]['name']	= $descr;
66
-					$rule_list[$id]['type'] = $type;
67
-
68
-					$int = trim(strstr(trim(strstr(trim(strstr($r[1], ' on ', FALSE)), ' ', FALSE)), ' ', TRUE));
69
-					if (!empty($int)) {
70
-						 $rule_list['int'][$int] = '';
71
+					// Add the rule to the list
72
+					if (strpos($result, ' <pfB_') !== FALSE) {
73
+						$descr = ltrim(stristr($result, '<pfb_', FALSE), '<');
74
+						$descr = strstr($descr, ':', TRUE);
75
+						$type  = strstr(ltrim(strstr($result, ' ', FALSE), ' '), ' ', TRUE);
76
+						if ($type == 'match') {
77
+							$type = 'unkn(%u)';
78
+						}
79
+	
80
+						if (!is_array($rule_list[$id])) {
81
+							$rule_list[$id] = array();
82
+						}
83
+	
84
+						$rule_list['id'][]      = $id;
85
+						$rule_list[$id]['name'] = $descr;
86
+						$rule_list[$id]['type'] = $type;
87
+	
88
+						$int = strstr(ltrim(strstr($result, ' on ', FALSE), ' on '), ' ', TRUE);
89
+						if (!empty($int)) {
90
+							 $rule_list['int'][$int] = '';
91
+						}
92
+					} else {
93
+						// All other non-pfBlockerNG Tracker IDs
94
+						$rule_list['other'][$id] = '';
95
 					}
96
 				}
97
-
98
-				// All other non-pfBlockerNG Tracker IDs
99
-				else {
100
-					$rule_list['other'][$id] = '';
101
-				}
102
 			}
103
 		}
104
 	}
(1-1/2)