Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
721705d1
Commit
721705d1
authored
Nov 14, 2016
by
Franco Fichtner
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
filter: /var/run/booting avoidance #1256
parent
18d46de7
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
37 additions
and
24 deletions
+37
-24
filter.inc
src/etc/inc/filter.inc
+35
-22
rc.bootup
src/etc/rc.bootup
+2
-2
No files found.
src/etc/inc/filter.inc
View file @
721705d1
...
@@ -365,7 +365,7 @@ function filter_delete_states_for_down_gateways()
...
@@ -365,7 +365,7 @@ function filter_delete_states_for_down_gateways()
}
}
}
}
function
filter_configure_sync
()
function
filter_configure_sync
(
$verbose
=
false
)
{
{
global
$config
,
$filterdns
,
$aliases
;
global
$config
,
$filterdns
,
$aliases
;
...
@@ -389,47 +389,58 @@ function filter_configure_sync()
...
@@ -389,47 +389,58 @@ function filter_configure_sync()
filter_pflog_start
();
filter_pflog_start
();
update_filter_reload_status
(
gettext
(
"Initializing"
),
true
);
update_filter_reload_status
(
gettext
(
"Initializing"
),
true
);
/* Get interface list to work with. */
if
(
$verbose
)
{
if
(
file_exists
(
"/var/run/booting"
))
{
echo
'Configuring firewall.'
;
echo
gettext
(
"Configuring firewall"
);
flush
(
);
}
}
/* generate aliases */
/* generate aliases */
if
(
file_exists
(
"/var/run/booting"
))
{
echo
"."
;
}
update_filter_reload_status
(
gettext
(
"Creating aliases"
));
update_filter_reload_status
(
gettext
(
"Creating aliases"
));
$aliases
=
filter_generate_aliases
(
$FilterIflist
,
$after_filter_configure_run
);
$aliases
=
filter_generate_aliases
(
$FilterIflist
,
$after_filter_configure_run
);
$gateways
=
filter_generate_gateways
();
$gateways
=
filter_generate_gateways
();
if
(
file_exists
(
"/var/run/booting"
))
{
echo
"."
;
if
(
$verbose
)
{
echo
'.'
;
flush
();
}
}
update_filter_reload_status
(
gettext
(
"Generating NAT rules"
));
/* generate nat rules */
/* generate nat rules */
update_filter_reload_status
(
gettext
(
"Generating NAT rules"
));
$natrules
=
filter_nat_rules_generate
(
$FilterIflist
);
$natrules
=
filter_nat_rules_generate
(
$FilterIflist
);
if
(
file_exists
(
"/var/run/booting"
))
{
echo
"."
;
if
(
$verbose
)
{
echo
'.'
;
flush
();
}
}
update_filter_reload_status
(
gettext
(
"Generating filter rules"
));
/* generate pfctl rules */
/* generate pfctl rules */
update_filter_reload_status
(
gettext
(
"Generating filter rules"
));
$pfrules
=
filter_rules_generate
(
$FilterIflist
);
$pfrules
=
filter_rules_generate
(
$FilterIflist
);
if
(
file_exists
(
"/var/run/booting"
))
{
echo
"."
;
if
(
$verbose
)
{
echo
'.'
;
flush
();
}
}
update_filter_reload_status
(
gettext
(
"Loading filter rules"
));
/* enable pf if we need to, otherwise disable */
/* enable pf if we need to, otherwise disable */
update_filter_reload_status
(
gettext
(
"Loading filter rules"
));
if
(
!
isset
(
$config
[
'system'
][
'disablefilter'
]))
{
if
(
!
isset
(
$config
[
'system'
][
'disablefilter'
]))
{
mwexec
(
"/sbin/pfctl -e"
,
true
);
mwexec
(
"/sbin/pfctl -e"
,
true
);
}
else
{
}
else
{
mwexec
(
"/sbin/pfctl -d"
,
true
);
mwexec
(
"/sbin/pfctl -d"
,
true
);
update_filter_reload_status
(
gettext
(
"Filter is disabled. Not loading rules."
));
update_filter_reload_status
(
gettext
(
"Filter is disabled. Not loading rules."
));
if
(
file_exists
(
"/var/run/booting"
)
)
{
if
(
$verbose
)
{
echo
gettext
(
"done."
)
.
"
\n
"
;
echo
"done.
\n
"
;
}
}
unlock
(
$filterlck
);
unlock
(
$filterlck
);
return
;
return
;
}
}
if
(
$verbose
)
{
echo
'.'
;
flush
();
}
$limitrules
=
""
;
$limitrules
=
""
;
/* User defined maximum table entries in Advanced menu. */
/* User defined maximum table entries in Advanced menu. */
if
(
!
empty
(
$config
[
'system'
][
'maximumtableentries'
])
&&
is_numeric
(
$config
[
'system'
][
'maximumtableentries'
]))
{
if
(
!
empty
(
$config
[
'system'
][
'maximumtableentries'
])
&&
is_numeric
(
$config
[
'system'
][
'maximumtableentries'
]))
{
...
@@ -581,8 +592,9 @@ function filter_configure_sync()
...
@@ -581,8 +592,9 @@ function filter_configure_sync()
mwexecf
(
'/sbin/pfctl -T flush -t %s'
,
$afcr
);
mwexecf
(
'/sbin/pfctl -T flush -t %s'
,
$afcr
);
}
}
if
(
file_exists
(
"/var/run/booting"
))
{
if
(
$verbose
)
{
echo
"."
;
echo
'.'
;
flush
();
}
}
update_filter_reload_status
(
gettext
(
"Processing down interface states"
));
update_filter_reload_status
(
gettext
(
"Processing down interface states"
));
...
@@ -591,8 +603,9 @@ function filter_configure_sync()
...
@@ -591,8 +603,9 @@ function filter_configure_sync()
}
}
update_filter_reload_status
(
gettext
(
"Done"
));
update_filter_reload_status
(
gettext
(
"Done"
));
if
(
file_exists
(
"/var/run/booting"
))
{
echo
gettext
(
"done."
)
.
"
\n
"
;
if
(
$verbose
)
{
echo
"done.
\n
"
;
}
}
unlock
(
$filterlck
);
unlock
(
$filterlck
);
...
...
src/etc/rc.bootup
View file @
721705d1
...
@@ -154,7 +154,7 @@ echo "done.\n";
...
@@ -154,7 +154,7 @@ echo "done.\n";
system_resolvconf_generate
();
system_resolvconf_generate
();
/* setup pf */
/* setup pf */
filter_configure_sync
();
filter_configure_sync
(
true
);
/* start pflog */
/* start pflog */
echo
"Starting PFLOG..."
;
echo
"Starting PFLOG..."
;
...
@@ -214,7 +214,7 @@ services_dhcrelay6_configure();
...
@@ -214,7 +214,7 @@ services_dhcrelay6_configure();
mwexec
(
"/usr/local/etc/rc.dyndns.update"
);
mwexec
(
"/usr/local/etc/rc.dyndns.update"
);
/* Run a filter configure now that most all services have started */
/* Run a filter configure now that most all services have started */
filter_configure_sync
();
filter_configure_sync
(
true
);
/* Run all registered plugins */
/* Run all registered plugins */
if
(
function_exists
(
'plugins_configure'
))
{
if
(
function_exists
(
'plugins_configure'
))
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment