Project

General

Profile

« Previous | Next » 

Revision 166fc3cd

Added by Phil Davis almost 12 years ago

Minimize inclusion of bogonsv6

If "Allow IPv6" is on, but actually there is no enabled interface with "Block bogon networks" enabled, then we also do not need to include the bogonsv6 table into pf.
This allows some more flexibility for users to leave "Allow IPv6" checked, but still not use up memory for bogonsv6.

View differences:

etc/inc/filter.inc
58 58 
/* Used for aliases and interface macros */
59 59 
$aliases = "";
60 60 

  		




  
  61
  
    
function is_bogonsv6_used() {


  		




  
  62
  
    
	global $config, $g;


  		




  
  63
  
    
	# Only use bogonsv6 table if IPv6 Allow is on, and at least 1 enabled interface also has "blockbogons" enabled.


  		




  
  64
  
    
	$usebogonsv6 = false;


  		




  
  65
  
    
	if (isset($config['system']['ipv6allow'])) {


  		




  
  66
  
    
		foreach ($config['interfaces'] as $ifacedata) {


  		




  
  67
  
    
			if(isset($ifacedata['enable']) && isset($ifacedata['blockbogons'])) {


  		




  
  68
  
    
				$usebogonsv6 = true;


  		




  
  69
  
    
				break;


  		




  
  70
  
    
			}


  		




  
  71
  
    
		}


  		




  
  72
  
    
	}


  		




  
  73
  
    
	return $usebogonsv6;


  		




  
  74
  
    
}


  		




  
  75
  
    

  		




  61
  76
  
    
function flowtable_configure() {


  		




  62
  77
  
    
	global $config, $g;


  		




  63
  78
  
    

  		




  ......




  326
  341
  
    
		}


  		




  327
  342
  
    
	}


  		




  328
  343
  
    

  		




  329
  
  
    
	# If allow IPv6 has been unchecked then we can remove any bogonsv6 table (if the table is not there, the kill is still fine).


  		




  330
  
  
    
	if (!isset($config['system']['ipv6allow']))


  		




  
  344
  
    
	# If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine).


  		




  
  345
  
    
	if (!is_bogonsv6_used())


  		




  331
  346
  
    
		$_grbg = exec("/sbin/pfctl -t bogonsv6 -T kill");


  		




  332
  347
  
    

  		




  333
  348
  
    
	update_filter_reload_status(gettext("Starting up layer7 daemon"));


  		




  ......




  565
  580
  
    
	if (!file_exists("/etc/bogonsv6"))


  		




  566
  581
  
    
		@file_put_contents("/etc/bogonsv6", "");


  		




  567
  582
  
    
	$aliases .= "table <bogons> persist file \"/etc/bogons\"\n";


  		




  568
  
  
    
	if (isset($config['system']['ipv6allow']))


  		




  
  583
  
    
	if (is_bogonsv6_used())


  		




  569
  584
  
    
		$aliases .= "table <bogonsv6> persist file \"/etc/bogonsv6\"\n";


  		




  570
  585
  
    

  		




  571
  586
  
    
	$vpns_list = filter_get_vpns_list();


  		












Also available in:  Unified diff