Commit 2374484b authored by Ad Schellevis's avatar Ad Schellevis

(filter) move pptpd rules to a temporary spot. they belong to the plugin, but...

(filter) move pptpd rules to a temporary spot. They belong to the plugin, but before we can change the plugin this code needs to be active
parent 5a94936b
...@@ -2179,7 +2179,6 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2179,7 +2179,6 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
return "# rule " . $rule['descr'] . " disabled \n"; return "# rule " . $rule['descr'] . " disabled \n";
} }
update_filter_reload_status("Creating filter rules {$rule['descr']} ..."); update_filter_reload_status("Creating filter rules {$rule['descr']} ...");
$pptpdcfg = $config['pptpd'];
$int = ""; $int = "";
$aline = array(); $aline = array();
// initialize array with empty tags // initialize array with empty tags
...@@ -2526,8 +2525,6 @@ function filter_rules_generate(&$FilterIflist) ...@@ -2526,8 +2525,6 @@ function filter_rules_generate(&$FilterIflist)
update_filter_reload_status(gettext("Creating default rules")); update_filter_reload_status(gettext("Creating default rules"));
$pptpdcfg = $config['pptpd'];
$ipfrules = ""; $ipfrules = "";
# BEGIN OF firewall rules # BEGIN OF firewall rules
...@@ -2568,26 +2565,6 @@ function filter_rules_generate(&$FilterIflist) ...@@ -2568,26 +2565,6 @@ function filter_rules_generate(&$FilterIflist)
} }
} }
if (isset($pptpdcfg['mode']) && $pptpdcfg['mode'] == 'server' && !isset($config['system']['disablevpnrules'])) {
if ($pptpdcfg['mode'] == "server") {
$pptpdtarget = get_interface_ip();
}
if (is_ipaddr($pptpdtarget) && is_array($FilterIflist['wan'])) {
$ipfrules .= <<<EOD
# PPTPd rules
pass in {$log['pass']} on \${$FilterIflist['wan']['descr']} proto tcp from any to $pptpdtarget port = 1723 modulate state label "{$fix_rule_label("allow pptpd {$pptpdtarget}")}"
pass in {$log['pass']} on \${$FilterIflist['wan']['descr']} proto gre from any to any keep state label "allow gre pptpd"
EOD;
} else {
/* this shouldnt ever happen but instead of breaking the clients ruleset
* log an error.
*/
log_error("ERROR! PPTP enabled but could not resolve the \$pptpdtarget");
}
}
if (isset($config['filter']['rule'])) { if (isset($config['filter']['rule'])) {
/* Pre-cache all our rules so we only have to generate them once */ /* Pre-cache all our rules so we only have to generate them once */
$rule_arr1 = array(); $rule_arr1 = array();
......
...@@ -339,4 +339,20 @@ function filter_core_rules_system($fw, $defaults) ...@@ -339,4 +339,20 @@ function filter_core_rules_system($fw, $defaults)
); );
} }
} }
// TODO: move to pptpd plugin when filter.lib.inc is part of the standard release
$pptpdcfg = $config['pptpd'];
if (isset($pptpdcfg['mode']) && $pptpdcfg['mode'] == 'server' && !isset($config['system']['disablevpnrules'])) {
$fw->registerFilterRule(5,
array('direction' => 'in', 'interface' => 'wan', 'statetype' => 'modulate','protocol' => 'tcp',
'to' => '(self)', 'to_port' => '1723', 'quick' => false, 'label' =>'allow pptpd'),
$defaults['pass']
);
$fw->registerFilterRule(5,
array('direction' => 'in', 'interface' => 'wan', 'statetype' => 'modulate',
'protocol' => 'gre', 'label' =>'allow pptpd', 'quick' => false),
$defaults['pass']
);
}
} }
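Review bot: The second rule registered here passes inbound GRE on `wan` without a `'to'` key, so unlike the TCP/1723 rule it is not limited to the firewall's own addresses and would presumably also match GRE addressed to hosts behind it; consider adding `'to' => '(self)'` to the GRE rule as well. That rule also sets `'statetype' => 'modulate'` where the removed rule used `keep state`; modulate is a TCP sequence-number feature, so a plain keep-state setting would state the intent more accurately for GRE. Both rules now carry the label `allow pptpd`, which makes log entries for port 1723 and GRE indistinguishable; the old `allow gre pptpd` label kept them apart. `filter_core_rules_system` starts outside this hunk, so whether `$config` is in scope there (e.g. via `global $config;`) cannot be confirmed from these lines and should be checked.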