
Revision 06d6a543

Added by Phil Davis about 12 years ago

Allow advanced options state-related parameters to be used for TCP, UDP and ICMP

Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html


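--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2328,7 +2328,7 @@
 			$aline['flags'] = "flags S/SA ";
 		}
 	}
-	if (($rule['protocol'] == "tcp") && ($type == "pass")) {
+	if (in_array($rule['protocol'], array("icmp","udp","tcp","tcp/udp")) && ($type == "pass")) {
 		/*
 		 *	# keep state
 		 *		works with TCP, UDP, and ICMP.
@@ -2343,7 +2343,7 @@
 		 *		queueing in certain situations. please check the faq.
 		 */
 		$noadvoptions = false;
-		if(isset($rule['statetype']) && $rule['statetype'] <> "") {
+		if (isset($rule['statetype']) && $rule['statetype'] <> "") {
 			switch($rule['statetype']) {
 				case "none":
 					$noadvoptions = true;
@@ -2351,7 +2351,7 @@
 					break;
 				case "modulate state":
 				case "synproxy state":
-					if($rule['protocol'] == "tcp")
+					if ($rule['protocol'] == "tcp")
 						$aline['flags'] .= "{$rule['statetype']} ";
 					break;
 				case "sloppy state":
@@ -2365,32 +2365,38 @@
 		} else
 			$aline['flags'] .= "keep state ";
 
-		if($noadvoptions == false || $l7_present)
-			if( (isset($rule['source-track']) and $rule['source-track'] <> "") or
+		if ($noadvoptions == false || $l7_present)
+			if ((isset($rule['source-track']) and $rule['source-track'] <> "") or
 			    (isset($rule['max']) and $rule['max'] <> "") or
 			    (isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "") or
-			    (isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") or
-			    (isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or
-			    (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "") or
 			    (isset($rule['max-src-states']) and $rule['max-src-states'] <> "") or
-			    (isset($rule['statetimeout']) and $rule['statetimeout'] <> "") or
+			    ((in_array($rule['protocol'], array("tcp","tcp/udp"))) and
+			     ((isset($rule['statetimeout']) and $rule['statetimeout'] <> "") or
+			      (isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") or
+			      (isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or
+			      (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> ""))) or
 			    isset($rule['sloppy']) or $l7_present) {
 					$aline['flags'] .= "( ";
 					if (isset($rule['sloppy']))
 						$aline['flags'] .= "sloppy ";
-					if(isset($rule['source-track']) and $rule['source-track'] <> "")
+					if (isset($rule['source-track']) and $rule['source-track'] <> "")
 						$aline['flags'] .= "source-track rule ";
-					if(isset($rule['max']) and $rule['max'] <> "")
+					if (isset($rule['max']) and $rule['max'] <> "")
 						$aline['flags'] .= "max " . $rule['max'] . " ";
-					if(isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "")
+					if (isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "")
 						$aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " ";
-					if(isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "")
+					if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) 
+							and isset($rule['max-src-conn']) 
+							and $rule['max-src-conn'] <> "")
 						$aline['flags'] .= "max-src-conn " . $rule['max-src-conn'] . " ";
-					if(isset($rule['max-src-states']) and $rule['max-src-states'] <> "")
+					if (isset($rule['max-src-states']) and $rule['max-src-states'] <> "")
 						$aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " ";
-					if(isset($rule['statetimeout']) and $rule['statetimeout'] <> "")
+					if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) 
+							and isset($rule['statetimeout']) 
+							and $rule['statetimeout'] <> "")
 						$aline['flags'] .= "tcp.established " . $rule['statetimeout'] . " ";
-					if(isset($rule['max-src-conn-rate'])
+					if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) 
+							and isset($rule['max-src-conn-rate'])
 							and $rule['max-src-conn-rate'] <> ""
 							and isset($rule['max-src-conn-rates'])
 							and $rule['max-src-conn-rates'] <> "") {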
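Review bot: For a UDP or ICMP pass rule, a configured `max-src-conn`, `max-src-conn-rate`/`max-src-conn-rates` or `statetimeout` is now left out of the generated rule without any message, because the `in_array($rule['protocol'], array("tcp","tcp/udp"))` guard skips it both in the outer condition and at each emit site; an administrator who set a per-source connection limit on such a rule ends up with a pass rule that has no limit and no hint why. Log a warning when one of these TCP-only options is set on a non-TCP rule, or reject the combination where the rule is saved. The same protocol test is written out four times and has to stay identical between the outer condition and the emit sites, otherwise the block could open an options group with nothing in it; compute it once near the top of the block, e.g. `$tcp_opts = in_array($rule['protocol'], array("tcp","tcp/udp"), true);`, and reuse `$tcp_opts`. The option values are concatenated into the rule text as-is here and, after this change, for UDP and ICMP rules as well, so this path presumably relies on numeric validation done where the rule is saved; that is not visible in this hunk. The enclosing function starts and ends outside the shown lines.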
