Commit 61192fce authored by Franco Fichtner's avatar Franco Fichtner

firewall: revive schedule option, we can kill by label

This makes a lot more sense, just embed the schedule into the label.
parent 88a0b222
......@@ -67,9 +67,8 @@ function alias_expand_urltable($name) {
return null;
}
function fix_rule_label($descr) {
function fix_rule_label($descr)
{
$descr = str_replace('"', '', $descr);
if (strlen($descr) > 63) {
return substr($descr, 0, 60) . "...";
......@@ -2115,14 +2114,21 @@ function filter_generate_user_rule_arr(&$FilterIflist, $rule)
update_filter_reload_status(sprintf(gettext("Creating filter rule %s ..."), $rule['descr']));
$ret = array();
$sched = '';
$descr = '';
if (!empty($rule['sched'])) {
$sched = "({$rule['sched']})";
}
if (!empty($rule['descr'])) {
$descr = ": {$rule['descr']}";
}
$line = filter_generate_user_rule($FilterIflist, $rule);
$ret['rule'] = $line;
$ret['interface'] = $rule['interface'];
if ($rule['descr'] != "" and $line != "") {
$ret['descr'] = "label \"" . fix_rule_label("USER_RULE: {$rule['descr']}") . "\"";
} else {
$ret['descr'] = "label \"USER_RULE\"";
}
$ret['descr'] = 'label "' . fix_rule_label("USER_RULE{$sched}{$descr}") . '"';
return $ret;
}
......@@ -2702,8 +2708,18 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
foreach ($config['schedules']['schedule'] as $sched) {
if ($sched['name'] == $rule['sched']) {
if (!filter_get_time_based_rule_status($sched)) {
if (!isset($config['system']['schedule_states'])) {
$descr = '';
if (!empty($rule['descr'])) {
$descr = ": {$rule['descr']}";
}
mwexecf(
'/sbin/pfctl -k label -k %s',
fix_rule_label("USER_RULE({$rule['sched']}){$descr}")
);
}
/* looks weird but is fine: printed in rules for traceability */
return "# schedule finished - {$rule['descr']}";
return "# schedule finished for";
}
break;
}
......
......@@ -498,6 +498,7 @@ function find_rule_by_number_buffer($rulenum, $type)
} else {
$ruleString = $buffer_rules_normal[$lookup_key];
list(,$rulename,) = explode("\"",$ruleString);
/* XXX 'USER_RULE' may be just that, or 'USER_RULE(<SCHEDULENAME>): ' */
$rulename = str_replace("USER_RULE: ",'<span class="glyphicon glyphicon-user" title="USER_RULE" alt="USER_RULE"></span>',$rulename);
}
return "{$rulename} ({$lookup_key})";
......
......@@ -85,6 +85,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['crypto_hardware'] = !empty($config['system']['crypto_hardware']) ? $config['system']['crypto_hardware'] : null;
$pconfig['cryptodev_enable'] = isset($config['system']['cryptodev_enable']);
$pconfig['thermal_hardware'] = !empty($config['system']['thermal_hardware']) ? $config['system']['thermal_hardware'] : null;
$pconfig['schedule_states'] = isset($config['system']['schedule_states']);
$pconfig['kill_states'] = isset($config['system']['kill_states']);
$pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']);
$pconfig['use_mfs_tmpvar'] = isset($config['system']['use_mfs_tmpvar']);
......@@ -163,6 +164,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['thermal_hardware']);
}
if (!empty($pconfig['schedule_states'])) {
$config['system']['schedule_states'] = true;
} elseif (isset($config['system']['schedule_states'])) {
unset($config['system']['schedule_states']);
}
if (!empty($pconfig['kill_states'])) {
$config['system']['kill_states'] = true;
} elseif (isset($config['system']['kill_states'])) {
......@@ -411,6 +418,19 @@ include("head.inc");
</div>
</td>
</tr>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Schedules"); ?></th>
</tr>
<tr>
<td><a id="help_for_schedule_states" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Schedule States"); ?></td>
<td>
<input name="schedule_states" type="checkbox" value="yes" <?=!empty($pconfig['schedule_states']) ? "checked=\"checked\"" :"";?> />
<div class="hidden" for="help_for_schedule_states">
<?=gettext("By default schedules clear the states of existing connections when the expiration time has come. ".
"This option overrides that behavior by not clearing states for existing connections."); ?>
</div>
</td>
</tr>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Gateway Monitoring"); ?></th>
</tr>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment