Bug #511
Status: closed
Subject: pkg_generate_rules
Start date: 04/15/2010
% Done: 0%
Affected Version: 2.0
Description
Hi Ermal,
Found a bug with the way the discover_pkg_rules() function handles $pkg_generate_rules functions within each package that is installed.
If you have squid and HAVP installed, only HAVP's generate_rules function is executed, leaving any other packages' rules not being applied.
I found that moving 'return $rules' outside the foreach fixes the problem and allows the discover_pkg_rules function to move on to the next package in the foreach loop.
Also, having ' return "" ' for a package that has incorrect PF syntax penalizes the other packages from being set up with PF correctly - which I don't think is correct or the intended behaviour(?).
Example of the change is below:
    function discover_pkg_rules($ruletype) {
        global $config, $g;

        if(!is_dir("/usr/local/pkg"))
            return "";

        $files = split("\n", trim(`ls /usr/local/pkg/*.inc`));
        foreach($files as $pkg_inc) {
            if($pkg_inc == "ls: No match.")
                continue;
            update_filter_reload_status("Checking for {$ruletype} PF hooks in package {$pkg_inc}");
            require_once($pkg_inc);
            $pkg = basename($pkg_inc, ".inc");
            $pkg_generate_rules = "{$pkg}_generate_rules";
            if(function_exists($pkg_generate_rules)) {
                update_filter_reload_status("Processing early {$ruletype} rules for package {$pkg_inc}");
                log_error("Processing early {$ruletype} rules for package {$pkg_inc}");
                $rules .= $pkg_generate_rules("$ruletype");
                file_put_contents("{$g['tmp_path']}/rules.packages", $rules);
                $status = mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.packages");
                if ($status <> 0) {
                    $errorrules = "There was an error while parsing the package filter rules for {$pkg_inc}.\n";
                    log_error($errorrules);
                    file_put_contents("{$g['tmp_path']}/rules.packages.{$pkg_inc}", "#{$errorrules}\n");
                    return "";
                }
            }
        }
        return $rules;
    }
Thx
Warren
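The two behaviours raised in the report, reduced to a stand-alone script; this is an added example, not pfSense code and not part of the original report. The hook bodies, the sample rule text, the `check_rules()` stub standing in for `pfctl -nf`, and the per-package validation in `discover_isolated()` are assumptions made for illustration.

```php
<?php
// Constructed stand-ins for package hooks; the rule text is sample data.
function havp_generate_rules($ruletype) {
    return "pass in quick on em0 proto tcp from any to any port 3125\n";
}
function squid_generate_rules($ruletype) {
    return "pass in quick on em0 proto tcp from any to any port 3128\n";
}
function broken_generate_rules($ruletype) {
    return "this is not pf syntax\n";
}

// Hypothetical stub for `pfctl -nf`: 0 = rules parse, non-zero = syntax error.
function check_rules($rules) {
    return (strpos($rules, "not pf syntax") !== false) ? 1 : 0;
}

// Behaviour described in the report: return inside the foreach, first hook wins.
function discover_first_only(array $pkgs, $ruletype) {
    $rules = "";
    foreach ($pkgs as $pkg) {
        $hook = "{$pkg}_generate_rules";
        if (function_exists($hook)) {
            $rules .= $hook($ruletype);
            return $rules;
        }
    }
    return $rules;
}

// Assumed variant: check each package's rules alone and skip only the failing one.
function discover_isolated(array $pkgs, $ruletype, array &$skipped) {
    $rules = "";
    foreach ($pkgs as $pkg) {
        $hook = "{$pkg}_generate_rules";
        if (!function_exists($hook)) continue;
        $candidate = $hook($ruletype);
        if (check_rules($candidate) != 0) {
            $skipped[] = $pkg;   // record it so the gap is visible, not silent
            continue;
        }
        $rules .= $candidate;
    }
    return $rules;
}
$skipped = array();
echo "first-only:\n", discover_first_only(array("havp", "squid"), "filter");
echo "isolated:\n", discover_isolated(array("broken", "havp", "squid"), "filter", $skipped);
echo "skipped: ", implode(", ", $skipped), "\n";
```

With the early return only the HAVP rule is emitted; with isolated checks both valid packages contribute rules and the failing package is listed instead of silently emptying the whole set.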