Skip to content

O
OpnSense
Commit 9b957e31 authored by Franco Fichtner's avatar Franco Fichtner
Browse files
Options

gateways: several changes 

* Plug gateway fixup "feature" into filter_configure_sync(), the
  only point where it should matter as everything else is GUI
  trigger-happy disruption.

* Discourage the use of the "feature" by moving it into the firewall
  advanced settings, adding a deprecated note.

* Use the new system_default_route() call to avoid code drift.
parent 67c9c5d6
Show whitespace changes
Inline Side-by-side
Showing with 30 additions and 31 deletions
src/etc/inc/filter.inc
View file @ 9b957e31
...@@ -394,6 +394,13 @@ function filter_configure_sync($verbose = false) ...@@ -394,6 +394,13 @@ function filter_configure_sync($verbose = false)
flush(); flush();
} }
/* XXX deprectated feature, only called on reconfigure */
if (isset($config['system']['gw_switch_default'])) {
$gateways_status = return_gateways_status(true);
$gateways_arr = return_gateways_array();
fixup_default_gateway($gateways_status, $gateways_arr);
}
/* generate aliases */ /* generate aliases */
update_filter_reload_status(gettext("Creating aliases")); update_filter_reload_status(gettext("Creating aliases"));
$aliases = filter_generate_aliases($FilterIflist); $aliases = filter_generate_aliases($FilterIflist);
...@@ -424,7 +431,7 @@ function filter_configure_sync($verbose = false) ...@@ -424,7 +431,7 @@ function filter_configure_sync($verbose = false)
/* enable pf if we need to, otherwise disable */ /* enable pf if we need to, otherwise disable */
update_filter_reload_status(gettext("Loading filter rules")); update_filter_reload_status(gettext("Loading filter rules"));
if (!isset ($config['system']['disablefilter'])) { if (!isset($config['system']['disablefilter'])) {
mwexec("/sbin/pfctl -e", true); mwexec("/sbin/pfctl -e", true);
} else { } else {
mwexec("/sbin/pfctl -d", true); mwexec("/sbin/pfctl -d", true);
......
src/etc/inc/gwlb.inc
View file @ 9b957e31
...@@ -768,22 +768,18 @@ function fixup_default_gateway($gateways_status, $gateways_arr) ...@@ -768,22 +768,18 @@ function fixup_default_gateway($gateways_status, $gateways_arr)
} }
$defaultif = get_real_interface($gateways_arr[$dfltgwname]['friendlyiface']); $defaultif = get_real_interface($gateways_arr[$dfltgwname]['friendlyiface']);
$gwipmatch = $gwip;
if (is_linklocal($gwip)) { if (is_linklocal($gwip)) {
/* correct match in IPv6 case */ /* correct match in IPv6 case */
$gwip .= "%{$defaultif}"; $gwipmatch .= "%{$defaultif}";
} }
$tmpcmd = "/sbin/route -n get -{$ipprotocol} default 2>/dev/null | /usr/bin/awk '/gateway:/ {print $2}'"; $tmpcmd = "/sbin/route -n get -{$ipprotocol} default 2>/dev/null | /usr/bin/awk '/gateway:/ {print $2}'";
$defaultgw = trim(exec($tmpcmd), " \n"); $defaultgw = trim(exec($tmpcmd), " \n");
if ($defaultgw != $gwip) { if ($defaultgw != $gwipmatch) {
log_error("Switching default gateway to $dfltgwname ($gwip)"); log_error("Switching default gateway to $dfltgwname ($gwip)");
/* XXX fargw and IPv6 should be cleaned up to make it easier to read */
mwexecf('/sbin/route delete -%s default', array($ipprotocol), true); system_default_route($gwip, !isset($gateways_arr[$dfltgwname]['fargw']) && $ipprotocol == 'inet' ? null : $defaultif);
if ($gateways_arr[$dfltgwname]['fargw']) {
mwexecf('/sbin/route delete -%s %s -interface %s', array($ipprotocol, $gwip, $defaultif), true);
mwexecf('/sbin/route add -%s %s -interface %s', array($ipprotocol, $gwip, $defaultif));
}
mwexecf('/sbin/route add -%s default %s', array($ipprotocol, $gwip));
} }
} }
} }
...@@ -801,9 +797,6 @@ function return_gateway_groups_array() ...@@ -801,9 +797,6 @@ function return_gateway_groups_array()
$gateways_arr = return_gateways_array(); $gateways_arr = return_gateways_array();
$gateway_groups_array = array(); $gateway_groups_array = array();
if (isset($config['system']['gw_switch_default'])) {
fixup_default_gateway($gateways_status, $gateways_arr);
}
if (isset($config['gateways']['gateway_group'])) { if (isset($config['gateways']['gateway_group'])) {
$carplist = get_configured_carp_interface_list(); $carplist = get_configured_carp_interface_list();
foreach ($config['gateways']['gateway_group'] as $group) { foreach ($config['gateways']['gateway_group'] as $group) {
......
src/www/system_advanced_firewall.php
View file @ 9b957e31
...@@ -57,6 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -57,6 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['schedule_states'] = isset($config['system']['schedule_states']); $pconfig['schedule_states'] = isset($config['system']['schedule_states']);
$pconfig['kill_states'] = isset($config['system']['kill_states']); $pconfig['kill_states'] = isset($config['system']['kill_states']);
$pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']); $pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']);
$pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']);
$pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']); $pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
$pconfig['pf_share_forward'] = isset($config['system']['pf_share_forward']); $pconfig['pf_share_forward'] = isset($config['system']['pf_share_forward']);
$pconfig['srctrack'] = !empty($config['system']['srctrack']) ? $config['system']['srctrack'] : null; $pconfig['srctrack'] = !empty($config['system']['srctrack']) ? $config['system']['srctrack'] : null;
...@@ -204,6 +205,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -204,6 +205,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['skip_rules_gw_down']); unset($config['system']['skip_rules_gw_down']);
} }
if (!empty($pconfig['gw_switch_default'])) {
$config['system']['gw_switch_default'] = true;
} elseif (isset($config['system']['gw_switch_default'])) {
unset($config['system']['gw_switch_default']);
}
write_config(); write_config();
// Kill filterdns when value changes, filter_configure() will restart it // Kill filterdns when value changes, filter_configure() will restart it
...@@ -355,6 +362,16 @@ include("head.inc"); ...@@ -355,6 +362,16 @@ include("head.inc");
</div> </div>
</td> </td>
</tr> </tr>
<tr>
<td><a id="help_for_gw_switch_default" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Gateway switching') ?></td>
<td>
<input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?= !empty($pconfig['gw_switch_default']) ? 'checked="checked"' : '' ?> />
<strong><?=gettext("Allow default gateway switching"); ?></strong><br />
<div class="hidden" for="help_for_gw_switch_default">
<?= gettext('If the link where the default gateway resides fails switch the default gateway to another available one. This feature has been deprecated.') ?>
</div>
</td>
</tr>
<tr> <tr>
<th colspan="2" valign="top" class="listtopic"><?= gettext('Multi-WAN') ?></th> <th colspan="2" valign="top" class="listtopic"><?= gettext('Multi-WAN') ?></th>
</tr> </tr>
......
src/www/system_general.php
View file @ 9b957e31
...@@ -44,7 +44,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -44,7 +44,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['language'] = null; $pconfig['language'] = null;
$pconfig['timezone'] = 'Etc/UTC'; $pconfig['timezone'] = 'Etc/UTC';
$pconfig['prefer_ipv4'] = isset($config['system']['prefer_ipv4']); $pconfig['prefer_ipv4'] = isset($config['system']['prefer_ipv4']);
$pconfig['gw_switch_default'] = isset($config['system']['gw_switch_default']);
$pconfig['hostname'] = $config['system']['hostname']; $pconfig['hostname'] = $config['system']['hostname'];
$pconfig['domain'] = $config['system']['domain']; $pconfig['domain'] = $config['system']['domain'];
...@@ -136,12 +135,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -136,12 +135,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['prefer_ipv4']); unset($config['system']['prefer_ipv4']);
} }
if (!empty($pconfig['gw_switch_default'])) {
$config['system']['gw_switch_default'] = true;
} elseif (isset($config['system']['gw_switch_default'])) {
unset($config['system']['gw_switch_default']);
}
$config['system']['dnsallowoverride'] = !empty($pconfig['dnsallowoverride']); $config['system']['dnsallowoverride'] = !empty($pconfig['dnsallowoverride']);
if($pconfig['dnslocalhost'] == "yes") { if($pconfig['dnslocalhost'] == "yes") {
...@@ -346,17 +339,6 @@ include("head.inc"); ...@@ -346,17 +339,6 @@ include("head.inc");
</div> </div>
</td> </td>
</tr> </tr>
<tr>
<td><a id="help_for_gw_switch_default" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Gateway switching");?> </td>
<td>
<input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?= !empty($pconfig['gw_switch_default']) ? "checked=\"checked\"" : "";?> />
<strong><?=gettext("Allow default gateway switching"); ?></strong><br />
<div class="hidden" for="help_for_gw_switch_default">
<?=gettext("If the link where the default gateway resides fails " .
"switch the default gateway to another available one."); ?>
</div>
</td>
</tr>
<tr> <tr>
<td><a id="help_for_dnsservers" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DNS servers"); ?></td> <td><a id="help_for_dnsservers" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DNS servers"); ?></td>
<td> <td>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023