
Revision a9b2e638

Added by Ermal Luçi about 16 years ago

Present a new package option, filter_rules_needed, which holds the name of a function to be called if the package needs to create firewall rules. The function should have a switch statement with a 'nat' case, which is called for nat/rdr, and a 'rule' case, which is needed for rules. This will help remove from filter.inc all the hardcoded package includes and rules and make it more dynamic. The rules produced by this function will be written to rules.nat.packages and rules.packages on the /tmp partition and loaded through an anchors include file when the filter reloads (this part is still to come).


etc/inc/pkg-utils.inc
966 966
	return;
967 967
}
968 968

  
969
?>
969
function pkg_build_filter_rules() {
970
	global $config;
971

  
972
	$pkgrules = "";
973
	$pkgnatrules = "";
974
	if (is_array($config['installedpackages']['package'])) {
975
		run_plugins("/usr/local/pkg");
976
                foreach($config['installedpackages']['package'] as $pkg) {
977
                        if (!isset($pkg['filter_rule_function']))
978
				continue;
979
			$tmpresult = call_user_func($pkg['filter_rule_function'], 'nat');
980
			if (!empty($tmpresult))
981
				$pkgnatrules .= $tmpresult . " \n";
982
			$tmpresult = call_user_func($pkg['filter_rule_function'], 'rule');
983
			if (!empty($tmpresult))
984
				$pkgrules .= $tmpresult . " \n";
985
			
986
                }
987
        }
988
	if ($pkgnatrules <> "")
989
		file_put_contents("{$g['tmp_path']}/rules.nat.packages", $pkgnatrules);
990
	if ($pkgrules <> "")
991
		file_put_contents("{$g['tmp_path']}/rules.packages", $pkgrules);
992
	$error = "";
993
	$status = mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.nat.packages");
994
	if ($status <> 0) {
995
		log_error("Packages nat rules have problems!");
996
		$ error = "Packages nat rules have problems!";
997
	}
998
	$status = mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.packages");
999
	if ($status <> 0) {
1000
                log_error("Packages nat rules have problems!");
1001
                $error .= "\nPackages nat rules have problems!";
1002
        }
1003
	if ($error <> "")
1004
		file_notice($error);
1005
	else
1006
		filter_configure();
1007
}
1008

  
1009
?>
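Review bot: `$g` is never brought into scope in pkg_build_filter_rules(), since line 970 declares only `global $config;`, so every `{$g['tmp_path']}` on lines 989–998 expands to an empty string and the rule files are written to and validated from `/rules.nat.packages` and `/rules.packages` instead of the tmp directory; the declaration should read `global $config, $g;`. Both `pfctl -nf` checks run unconditionally, so when no package returns rules the file is either missing or left over from an earlier run, and a stale file gets validated in place of the current output; guard each check with the same `<> ""` test or remove the old file first. The name in `$pkg['filter_rule_function']` comes from the configuration and reaches `call_user_func()` unchecked on lines 979 and 982; `if (!is_callable($pkg['filter_rule_function'])) continue;` would skip entries whose function is not loaded. Line 996 reads `$ error` as rendered here, which would not parse if the space is really in the file, and the messages on lines 1000–1001 repeat "nat rules" for the `rules.packages` check, so the two failures cannot be told apart in the log.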
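--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -201,6 +201,9 @@
 		    eval($pkg['custom_add_php_command_late']);
 		}
 
+		if (isset($pkg['filter_rules_needed']))
+			pkg_build_filter_rules();
+
 		// resync the configuration file code if defined.
 		if($pkg['custom_php_resync_config_command'] <> "") {
 		    eval($pkg['custom_php_resync_config_command']);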
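Review bot: The call on new lines 204–205 is gated on `$pkg['filter_rules_needed']`, but pkg_build_filter_rules() in etc/inc/pkg-utils.inc only collects rules from packages that set `filter_rule_function`, so a package that follows the commit description and sets only `filter_rules_needed` triggers a rebuild that gathers nothing from it. The two `$pkg` arrays may come from different sources, which the visible lines do not show, but either one key name should be used in both places or the split should be documented with a comment such as `// filter_rules_needed only triggers the rebuild; the callback name is read from filter_rule_function`. The new statement sits between two `eval()` calls on package-supplied PHP, so the rebuild and the `filter_configure()` it ends with run in whatever state `custom_add_php_command_late` left behind. The enclosing block starts and ends outside the hunk, so the conditions under which this path is reached cannot be checked from here.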
