Revision a55e9c70
Added by Ermal Luçi about 16 years ago
| etc/inc/pfsense-utils.inc | ||
|---|---|---|
| 561 | 561 |
mwexec("/sbin/ipfw add 1 check-state");
|
| 562 | 562 |
mwexec("/sbin/ipfw delete 65534");
|
| 563 | 563 |
mwexec("/sbin/ipfw add 1 allow all from me to any keep-state");
|
| 564 |
if (!isset ($config['system']['webgui']['noantilockout'])) {
|
|
| 564 |
if (!isset ($config['system']['webgui']['noantilockout']) && count($config['interfaces']) > 1) {
|
|
| 565 | 565 |
/* lan ip lockout */ |
| 566 |
$lancfg = $config['interfaces']['lan']; |
|
| 567 |
$lanip = $lancfg['ipaddr']; |
|
| 568 |
$lansn = $lancfg['subnet']; |
|
| 569 |
$lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); |
|
| 566 |
$lanip = get_interface_ip("lan");
|
|
| 567 |
$lansn = get_interface_subnet("lan");
|
|
| 568 |
$lansa = gen_subnet($lanip, $lansn); |
|
| 570 | 569 |
mwexec("/sbin/ipfw add 1 allow all from {$lansa}/{$lansn} to $lanip keep-state");
|
| 571 | 570 |
} |
| 572 | 571 |
mwexec("/sbin/ipfw add 65534 check-state");
|
| ... | ... | |
| 1249 | 1248 |
$carp_subnet = find_virtual_ip_netmask($carp_ip); |
| 1250 | 1249 |
$starting_ip = gen_subnet("{$carp_ip}", "{$carp_subnet}");
|
| 1251 | 1250 |
$carp_ints = ""; |
| 1252 |
$num_carp_ints = find_number_of_created_carp_interfaces(); |
|
| 1253 | 1251 |
|
| 1254 | 1252 |
foreach ($ifdescrs as $ifdescr => $ifname) {
|
| 1255 | 1253 |
if(interface_has_gateway($ifname)) {
|
| 1256 |
$interfaceip = $config['interfaces'][$ifname]['ipaddr'];
|
|
| 1257 |
$subnet_bits = $config['interfaces'][$ifname]['subnet'];
|
|
| 1254 |
$interfaceip = get_interface_ip($ifname);
|
|
| 1255 |
$subnet_bits = get_interface_subnet($ifname);
|
|
| 1258 | 1256 |
$subnet_ip = gen_subnet("{$interfaceip}", "{$subnet_bits}");
|
| 1259 | 1257 |
if(ip_in_subnet($carp_ip, "{$subnet_ip}/{$subnet_bits}")) {
|
| 1260 | 1258 |
return $ifname; |
| ... | ... | |
| 2855 | 2853 |
/* return outside interfaces with a gateway */ |
| 2856 | 2854 |
function get_interfaces_with_gateway() {
|
| 2857 | 2855 |
global $config; |
| 2856 |
|
|
| 2858 | 2857 |
$ints = array(); |
| 2859 |
$vfaces = array( |
|
| 2860 |
'bridge.?*', |
|
| 2861 |
'ppp.?*', |
|
| 2862 |
'sl.?*', |
|
| 2863 |
'gif.?*', |
|
| 2864 |
'faith.?*', |
|
| 2865 |
'lo.?*', |
|
| 2866 |
'ng.?*', |
|
| 2867 |
'vlan.?*', |
|
| 2868 |
'pflog.?*', |
|
| 2869 |
'pfsync.?*', |
|
| 2870 |
'enc.?*', |
|
| 2871 |
'tun.?*', |
|
| 2872 |
'carp.?*' |
|
| 2873 |
); |
|
| 2874 |
$ifdescrs = get_interface_list("active","physical",$vfaces);
|
|
| 2858 |
$ifdescrs = get_configured_interface_list(false, true); |
|
| 2875 | 2859 |
|
| 2876 | 2860 |
/* loop interfaces, check config for outbound */ |
| 2877 | 2861 |
foreach ($ifdescrs as $ifdescr => $ifname) {
|
| 2878 |
$friendly = $ifname['friendly']; |
|
| 2879 |
switch ($config['interfaces'][$friendly]['ipaddr']) {
|
|
| 2862 |
switch ($config['interfaces'][$ifname]['ipaddr']) {
|
|
| 2880 | 2863 |
case "dhcp": |
| 2881 | 2864 |
case "carpdev-dhcp": |
| 2882 | 2865 |
case "pppoe": |
| 2883 | 2866 |
case "pptp": |
| 2884 |
$ints[] = $friendly;
|
|
| 2867 |
$ints[] = $ifname;
|
|
| 2885 | 2868 |
break; |
| 2886 | 2869 |
default: |
| 2887 |
if ($config['interfaces'][$friendly]['pointtopoint'])
|
|
| 2888 |
$ints[] = $friendly;
|
|
| 2889 |
else if ($config['interfaces'][$friendly]['gateway'] <> "")
|
|
| 2890 |
$ints[] = $friendly;
|
|
| 2870 |
if ($config['interfaces'][$ifname]['pointtopoint'])
|
|
| 2871 |
$ints[] = $ifname;
|
|
| 2872 |
else if (!empty($config['interfaces'][$ifname]['gateway']))
|
|
| 2873 |
$ints[] = $ifname;
|
|
| 2891 | 2874 |
break; |
| 2892 | 2875 |
} |
| 2893 | 2876 |
} |
| ... | ... | |
| 2897 | 2880 |
/* return true if interface has a gateway */ |
| 2898 | 2881 |
function interface_has_gateway($friendly) {
|
| 2899 | 2882 |
$friendly = strtolower($friendly); |
| 2900 |
if(in_array($friendly, get_interfaces_with_gateway())) {
|
|
| 2883 |
if (in_array($friendly, get_interfaces_with_gateway()))
|
|
| 2901 | 2884 |
return true; |
| 2902 |
} else {
|
|
| 2903 |
/* extra check for real interface names if it falls through */ |
|
| 2904 |
$friendly = convert_real_interface_to_friendly_interface_name($friendly); |
|
| 2905 |
return(in_array($friendly, get_interfaces_with_gateway())); |
|
| 2906 |
} |
|
| 2885 |
|
|
| 2886 |
return false; |
|
| 2907 | 2887 |
} |
| 2908 | 2888 |
|
| 2909 | 2889 |
/****f* pfsense-utils/isAjax |
Also available in: Unified diff
Basically use get_interface*() functions instead of accessing fields like 'ipaddr'/'descr' etc...
NOTE: This should give indipendce on dynamic interfaces on some services that before could not be used on top of this type of interfaces.