
Revision 8f563bb4

Added by Ermal LUÇI over 12 years ago

Use the better -Fs modifier to pf to kill the states by interface. Also kill both sides on an interface when -k needs to be used


etc/inc/filter.inc
143 143
					$gwiface = $gateway['interface'];
144 144
				else
145 145
					$gwiface = get_real_interface($gateway['friendlyiface']);
146
				$cmd = "/sbin/pfctl -i {$gwiface} -k 0.0.0.0/0";
146
				$cmd = "/sbin/pfctl -i {$gwiface} -Fs";
147 147
				mwexec($cmd);
148 148
			}
149 149
		}
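Review bot: The new command string interpolates `{$gwiface}` straight into the shell line passed to `mwexec()`, with no escaping and no check that it is non-empty. If `get_real_interface()` ever returns an empty string (not verifiable from this hunk), `pfctl` will take `-Fs` as the argument to `-i`, so no flush is requested and stale states to the old gateway remain. I would guard and escape it: `if (!empty($gwiface)) mwexec("/sbin/pfctl -i " . escapeshellarg($gwiface) . " -Fs");`. The same pattern applies to `{$realif}` in etc/inc/interfaces.inc; the enclosing loop starts outside this section.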
etc/inc/interfaces.inc
1235 1235
//	log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}");
1236 1236
	if (!empty($old_router)) {
1237 1237
		log_error("Clearing states to old gateway {$old_router}.");
1238
		mwexec("/sbin/pfctl -i {$realif} -k 0.0.0.0/0");
1238
		mwexec("/sbin/pfctl -i {$realif} -Fs");
1239 1239
	}
1240 1240

  
1241 1241
	/* remove interface up file if it exists */
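Review bot: The `log_error()` line just above the changed `mwexec()` still reads `Clearing states to old gateway {$old_router}.`, but `-Fs` restricted by `-i` clears every state on `{$realif}`, not only those involving the old gateway. Anyone reconstructing dropped sessions from the log will see a narrower action than the one taken, so the message should name the interface, e.g. `log_error("Clearing all states on {$realif} (old gateway {$old_router}).");`. The return value of `mwexec()` is also discarded, so a failed flush leaves stale states with no log entry; logging a non-zero result would cover that. The enclosing function starts and ends outside this section.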
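--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -83,6 +83,7 @@
 		if [ "${OLD_ROUTER}" != "${new_routers}" ]; then
 			$LOGGER "Removing states through old gateway '${OLD_ROUTER}' (new gateway '${new_routers}')"
 			/sbin/pfctl -i $interface -k 0.0.0.0/0 -k ${OLD_ROUTER}/32
+			/sbin/pfctl -i $interface -k ${OLD_ROUTER}/32 -k 0.0.0.0/0
 		fi
 	fi
 }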
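Review bot: The added `pfctl` line expands `$interface` and `${OLD_ROUTER}` unquoted, so an empty value or one containing whitespace changes how the arguments are split. `OLD_ROUTER` is assigned outside the hunk and is compared against `new_routers`, which by its name looks DHCP-supplied and may hold more than one address; in that case `/32` attaches only to the last word and the kill targets the wrong hosts. I would quote both and refuse anything that is not a single address, e.g. `/sbin/pfctl -i "$interface" -k "${OLD_ROUTER}/32" -k 0.0.0.0/0` behind a `case "$OLD_ROUTER" in *[!0-9.]*|"") ;; *) ... ;; esac` guard. The same applies to the added line in usr/local/sbin/ppp-linkup, which uses `$1` and `${OLD_ROUTER}`. The enclosing function starts outside the hunk.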
usr/local/sbin/ovpn-linkdown
1 1
#!/bin/sh
2
/sbin/pfctl -i $1 -k 0.0.0.0/0
2
/sbin/pfctl -i $1 -Fs
3 3
# delete the node just in case mpd cannot do that
4 4
/bin/rm -f /var/etc/nameserver_$1
5 5
/bin/rm -f /tmp/$1_router
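Review bot: The changed line `/sbin/pfctl -i $1 -Fs` uses `$1` unquoted and unchecked. If the script is invoked without an interface argument, `-Fs` becomes the argument to `-i`, so no flush is requested and the states of the link that just went down stay in the table. A guard such as `[ -n "$1" ] || exit 1` followed by `/sbin/pfctl -i "$1" -Fs` makes the failure explicit. The same `-i $1 -Fs` line appears in usr/local/sbin/ppp-linkdown and usr/local/sbin/vpn-linkdown, where `-K $4/32` would also become `-K /32` on an empty `$4`.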
usr/local/sbin/ppp-linkdown
16 16
	pfctl -K ${LOCAL_IP}
17 17
fi
18 18

  
19
/sbin/pfctl -i $1 -k 0.0.0.0/0
19
/sbin/pfctl -i $1 -Fs
20 20
if [ -f "/tmp/${1}_defaultgw" ]; then
21 21
	route delete default ${OLD_ROUTER}
22 22
fi
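--- a/usr/local/sbin/ppp-linkup
+++ b/usr/local/sbin/ppp-linkup
@@ -6,6 +6,7 @@
 	if [ "${OLD_ROUTER}" != "" ]; then
 		echo "Removing states to old router ${OLD_ROUTER}" | logger -t ppp-linkup
 		/sbin/pfctl -i $1 -k 0.0.0.0/0 -k ${OLD_ROUTER}/32
+		/sbin/pfctl -i $1 -k ${OLD_ROUTER}/32 -k 0.0.0.0/0
 	fi
 
 	# let the configuration system know that the ipv4 has changed.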
usr/local/sbin/vpn-linkdown
2 2

  
3 3
# record logout
4 4
/usr/bin/logger -p local3.info "logout,$1,$4,$5"
5
/sbin/pfctl -i $1 -b 0.0.0.0/32 -b $4/32
6
/sbin/pfctl -i $1 -k $4/32
7
/sbin/pfctl -i $1 -k 0.0.0.0/32 $4/32
8
/sbin/pfctl -i $1 -K $4/32
9
/sbin/pfctl -i $1 -K 0.0.0.0/32 -K $4/32
5
/sbin/pfctl -i $1 -Fs
6
/sbin/pfctl -K $4/32
