Commit af021d13 authored by Franco Fichtner's avatar Franco Fichtner

firewall: fix non-report of errors when error could not be parsed; #810

(cherry picked from commit a70e1e97)
parent a167200a
...@@ -201,7 +201,6 @@ function filter_configure_sync() ...@@ -201,7 +201,6 @@ function filter_configure_sync()
mwexec("/sbin/pfctl -e", true); mwexec("/sbin/pfctl -e", true);
} else { } else {
mwexec("/sbin/pfctl -d", true); mwexec("/sbin/pfctl -d", true);
@unlink('/tmp/filter_loading');
update_filter_reload_status(gettext("Filter is disabled. Not loading rules.")); update_filter_reload_status(gettext("Filter is disabled. Not loading rules."));
if (file_exists("/var/run/booting")) { if (file_exists("/var/run/booting")) {
echo gettext("done.") . "\n"; echo gettext("done.") . "\n";
...@@ -284,19 +283,29 @@ function filter_configure_sync() ...@@ -284,19 +283,29 @@ function filter_configure_sync()
* check for a error while loading the rules file. if an error has occurred * check for a error while loading the rules file. if an error has occurred
* then output the contents of the error to the caller * then output the contents of the error to the caller
*/ */
if ($rules_loading <> 0) { if ($rules_loading) {
/* XXX ALTQ not loaded message compat */
$altq_strip = 2;
if (count($rules_error) >= $altq_strip) {
foreach (range(1, $altq_strip) as $altq_unused) {
if (strpos($rules_error[0], 'ALTQ') !== false) {
array_shift($rules_error);
}
}
}
$saved_line_error = $rules_error[0]; $saved_line_error = $rules_error[0];
$config_line_error = '';
$line_error = explode(":", $rules_error[0]); $line_error = explode(":", $rules_error[0]);
if (isset($line_error[1])) { if (isset($line_error[1])) {
// only report issues with line numbers // only report issues with line numbers
$line_number = $line_error[1]; $line_number = $line_error[1];
$line_split = file('/tmp/rules.debug'); $line_split = file('/tmp/rules.debug');
if (is_array($line_split)) { if (is_array($line_split)) {
$line_error = sprintf(gettext('The line in question reads [%d]: %s'), $line_number, $line_split[$line_number-1]); $config_line_error = sprintf(' - ' . gettext('The line in question reads [%d]: %s'), $line_number, $line_split[$line_number-1]);
} }
unset($line_split); unset($line_split);
} else {
$line_number = null;
} }
/* Brutal ugly hack but required -- PF is stuck, unwedge */ /* Brutal ugly hack but required -- PF is stuck, unwedge */
...@@ -309,13 +318,11 @@ function filter_configure_sync() ...@@ -309,13 +318,11 @@ function filter_configure_sync()
} }
unset($rules_loading, $rules_error); unset($rules_loading, $rules_error);
if ($line_error and $line_number) { file_notice('filter_load', sprintf(gettext('There were error(s) loading the rules: %s%s'), $saved_line_error, $config_line_error), 'Filter Reload', '');
file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %s - %s'), $saved_line_error, $line_error), "Filter Reload", ""); update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %s%s'), $saved_line_error, $config_line_error));
update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %s - %s'), $saved_line_error, $line_error));
unlock($filterlck); unlock($filterlck);
return; return;
} }
}
# If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine). # If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine).
if (!is_bogonsv6_used()) { if (!is_bogonsv6_used()) {
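Review bot: In the second hunk, `isset($line_error[1])` only shows that the first error line contains a colon, not that the field after it is a line number, so an error whose second field is text would make `$line_split[$line_number-1]` an undefined index and the notice would quote `[0]` with an empty or wrong rule line. Tightening the two guards to `if (isset($line_error[1]) && ctype_digit(trim($line_error[1]))) {` and `if (is_array($line_split) && isset($line_split[$line_number - 1])) {` would keep the now-unconditional notice accurate. The ALTQ loop can also shift every entry out of `$rules_error` when it holds exactly two ALTQ lines, which leaves `$rules_error[0]` undefined, so `$saved_line_error = isset($rules_error[0]) ? $rules_error[0] : '';` would be safer. `filter_configure_sync()` starts and ends outside the visible hunks, so how `$rules_error` is populated cannot be confirmed from here.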
......