Commit 79636d4a authored by Ad Schellevis's avatar Ad Schellevis

(ipfw) move ipfw into standard rc system and move config locations

parent d9ea789f
#!/bin/sh
# Copyright (c) 2015 Deciso B.V.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# script to glue standard ipfw rc scripting to OPNsense ruleset
# see auto generated file /etc/rc.conf.d/ipfw for details
# reload ipfw rules
/sbin/ipfw -f /usr/local/etc/ipfw.rules
[reload] [reload]
command:/sbin/ipfw -f /tmp/ipfw.rules command:/etc/rc.d/ipfw start
parameters: parameters:
type:script type:script
message:restarting ipfw message:restarting ipfw
ipfw.conf:/tmp/ipfw.rules rc.conf.d:/etc/rc.conf.d/ipfw
ipfw.conf:/usr/local/etc/ipfw.rules
...@@ -6,8 +6,10 @@ ...@@ -6,8 +6,10 @@
{% set is_cp=[] %} {% set is_cp=[] %}
{% for cp_key,cp_item in captiveportal.iteritems() %} {% for cp_key,cp_item in captiveportal.iteritems() %}
{% if intf_key == cp_item.interface and interface.ipaddr != 'dhcp' %} {% if intf_key == cp_item.interface and interface.ipaddr != 'dhcp' %}
{% do cp_interface_list.append({'zone':cp_key,'zoneid':cp_item.zoneid,'if':interface.if}) %} {% if cp_item.enable|default('0') == '1' %}
{% do is_cp.append(1) %} {% do cp_interface_list.append({'zone':cp_key,'zoneid':cp_item.zoneid,'if':interface.if}) %}
{% do is_cp.append(1) %}
{% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if not is_cp%} {% if not is_cp%}
......
{% set cp_zones = [] %}
{% if helpers.exists('captiveportal') %}
{% for cp_key,cp_item in captiveportal.iteritems() %}
{% if cp_item.enable|default("0") == '1' %}
{% do cp_zones.append(cp_key) %}
{% endif %}
{% endfor %}
{% endif %}
firewall_enable="{% if OPNsense.TrafficShaper.enabled|default("0") == "1" or cp_zones %}YES{% else %}NO{% endif %}"
firewall_script="/usr/local/etc/rc.ipfw"
dummynet_enable="YES"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment