Project

General

Profile

« Previous | Next » 

Revision 06182467

Added by Renato Botelho over 12 years ago

Create rules for grouped interfaces before regular ones. Fixes #2837

View differences:

etc/inc/filter.inc
2845 2845 
		/* Pre-cache all our rules so we only have to generate them once */
2846 2846 
		$rule_arr1 = array();
2847 2847 
		$rule_arr2 = array();
2848 
		$rule_arr3 = array();
2848 2849 
		/*
2849 
		 * NB: Floating rules need to be written before regular once.
2850 
		 * NB: The order must be: Floating rules, then interface group and then regular ones.
2850 2851 
		 */
2851 2852 
		foreach ($config['filter']['rule'] as $rule) {
2852 2853 
			update_filter_reload_status("Pre-caching {$rule['descr']}...");
......
2859 2860 
					$rule_arr1[] = filter_generate_user_rule_arr($rule);
2860 2861 
					$rule['ipprotocol'] = "inet6";
2861 2862 
					$rule_arr1[] = filter_generate_user_rule_arr($rule);
2862 
				} else {
2863 
				} else if (is_interface_group($rule['interface'])) {
2863 2864 
					$rule['ipprotocol'] = "inet";
2864 2865 
					$rule_arr2[] = filter_generate_user_rule_arr($rule);
2865 2866 
					$rule['ipprotocol'] = "inet6";
2866 2867 
					$rule_arr2[] = filter_generate_user_rule_arr($rule);
2868 
				} else {
2869 
					$rule['ipprotocol'] = "inet";
2870 
					$rule_arr3[] = filter_generate_user_rule_arr($rule);
2871 
					$rule['ipprotocol'] = "inet6";
2872 
					$rule_arr3[] = filter_generate_user_rule_arr($rule);
2867 2873 
				}
2868 2874 
				$rule['ipprotocol'] = "inet46";
2869 2875 
			} else {
2870 2876 
				if (isset($rule['floating']))
2871 2877 
					$rule_arr1[] = filter_generate_user_rule_arr($rule);
2872 
				else
2878 
				else if (is_interface_group($rule['interface']))
2873 2879 
					$rule_arr2[] = filter_generate_user_rule_arr($rule);
2880 
				else
2881 
					$rule_arr3[] = filter_generate_user_rule_arr($rule);
2874 2882 
			}
2875 2883 
			if ($rule['sched'])
2876 2884 
				$time_based_rules = true;
......
2893 2901 
				continue;
2894 2902 
			$ipfrules .= "{$rule['rule']} {$rule['descr']}\n";
2895 2903 
		}
2896 
		unset($rule_arr1, $rule_arr2);
2904 
		foreach($rule_arr3 as $rule) {
2905 
			if (isset($rule['disabled']))
2906 
				continue;
2907 
			if (!$rule['rule'])
2908 
				continue;
2909 
			$ipfrules .= "{$rule['rule']} {$rule['descr']}\n";
2910 
		}
2911 
		unset($rule_arr1, $rule_arr2, $rule_arr3);
2897 2912 
	}
2898 2913 

  		




  2899
  2914
  
    
	$ipfrules .= "\n# Automatic Pass rules for any delegated IPv6 prefixes through dynamic IPv6 clients\n";


  		












  

    
      etc/inc/interfaces.inc
    
  





  3533
  3533
  
    
	return;


  		




  3534
  3534
  
    
}


  		




  3535
  3535
  
    

  		




  
  3536
  
    
function is_interface_group($if) {


  		




  
  3537
  
    
	global $config;


  		




  
  3538
  
    

  		




  
  3539
  
    
	if (is_array($config['ifgroups']['ifgroupentry']))


  		




  
  3540
  
    
		foreach ($config['ifgroups']['ifgroupentry'] as $groupentry) {


  		




  
  3541
  
    
			if ($groupentry['ifname'] === $if)


  		




  
  3542
  
    
				return true;


  		




  
  3543
  
    
		}


  		




  
  3544
  
    

  		




  
  3545
  
    
	return false;


  		




  
  3546
  
    
}


  		




  
  3547
  
    

  		




  3536
  3548
  
    
function interface_group_add_member($interface, $groupname) {


  		




  3537
  3549
  
    
	$interface = get_real_interface($interface);


  		




  3538
  3550
  
    
	mwexec("/sbin/ifconfig {$interface} group {$groupname}", true);


  		












Also available in:  Unified diff