Commit d2246652 authored by Franco Fichtner's avatar Franco Fichtner

filter: /var/run/booting avoidance #1256

(cherry picked from commit 721705d1)
parent 95ec8331
...@@ -363,7 +363,7 @@ function filter_delete_states_for_down_gateways() ...@@ -363,7 +363,7 @@ function filter_delete_states_for_down_gateways()
} }
} }
function filter_configure_sync() function filter_configure_sync($verbose = false)
{ {
global $config, $filterdns, $aliases; global $config, $filterdns, $aliases;
...@@ -385,47 +385,58 @@ function filter_configure_sync() ...@@ -385,47 +385,58 @@ function filter_configure_sync()
filter_pflog_start(); filter_pflog_start();
update_filter_reload_status(gettext("Initializing"), true); update_filter_reload_status(gettext("Initializing"), true);
/* Get interface list to work with. */ if ($verbose) {
if (file_exists("/var/run/booting")) { echo 'Configuring firewall.';
echo gettext("Configuring firewall"); flush();
} }
/* generate aliases */ /* generate aliases */
if (file_exists("/var/run/booting")) {
echo ".";
}
update_filter_reload_status(gettext("Creating aliases")); update_filter_reload_status(gettext("Creating aliases"));
$aliases = filter_generate_aliases($FilterIflist, $after_filter_configure_run); $aliases = filter_generate_aliases($FilterIflist, $after_filter_configure_run);
$gateways = filter_generate_gateways(); $gateways = filter_generate_gateways();
if (file_exists("/var/run/booting")) {
echo "."; if ($verbose) {
echo '.';
flush();
} }
update_filter_reload_status(gettext("Generating NAT rules"));
/* generate nat rules */ /* generate nat rules */
update_filter_reload_status(gettext("Generating NAT rules"));
$natrules = filter_nat_rules_generate($FilterIflist); $natrules = filter_nat_rules_generate($FilterIflist);
if (file_exists("/var/run/booting")) {
echo "."; if ($verbose) {
echo '.';
flush();
} }
update_filter_reload_status(gettext("Generating filter rules"));
/* generate pfctl rules */ /* generate pfctl rules */
update_filter_reload_status(gettext("Generating filter rules"));
$pfrules = filter_rules_generate($FilterIflist); $pfrules = filter_rules_generate($FilterIflist);
if (file_exists("/var/run/booting")) {
echo "."; if ($verbose) {
echo '.';
flush();
} }
update_filter_reload_status(gettext("Loading filter rules"));
/* enable pf if we need to, otherwise disable */ /* enable pf if we need to, otherwise disable */
update_filter_reload_status(gettext("Loading filter rules"));
if (!isset ($config['system']['disablefilter'])) { if (!isset ($config['system']['disablefilter'])) {
mwexec("/sbin/pfctl -e", true); mwexec("/sbin/pfctl -e", true);
} else { } else {
mwexec("/sbin/pfctl -d", true); mwexec("/sbin/pfctl -d", true);
update_filter_reload_status(gettext("Filter is disabled. Not loading rules.")); update_filter_reload_status(gettext("Filter is disabled. Not loading rules."));
if (file_exists("/var/run/booting")) { if ($verbose) {
echo gettext("done.") . "\n"; echo "done.\n";
} }
unlock($filterlck); unlock($filterlck);
return; return;
} }
if ($verbose) {
echo '.';
flush();
}
$limitrules = ""; $limitrules = "";
/* User defined maximum table entries in Advanced menu. */ /* User defined maximum table entries in Advanced menu. */
if (!empty($config['system']['maximumtableentries']) && is_numeric($config['system']['maximumtableentries'])) { if (!empty($config['system']['maximumtableentries']) && is_numeric($config['system']['maximumtableentries'])) {
...@@ -575,8 +586,9 @@ function filter_configure_sync() ...@@ -575,8 +586,9 @@ function filter_configure_sync()
mwexecf('/sbin/pfctl -T flush -t %s', $afcr); mwexecf('/sbin/pfctl -T flush -t %s', $afcr);
} }
if (file_exists("/var/run/booting")) { if ($verbose) {
echo "."; echo '.';
flush();
} }
update_filter_reload_status(gettext("Processing down interface states")); update_filter_reload_status(gettext("Processing down interface states"));
...@@ -585,8 +597,9 @@ function filter_configure_sync() ...@@ -585,8 +597,9 @@ function filter_configure_sync()
} }
update_filter_reload_status(gettext("Done")); update_filter_reload_status(gettext("Done"));
if (file_exists("/var/run/booting")) {
echo gettext("done.") . "\n"; if ($verbose) {
echo "done.\n";
} }
unlock($filterlck); unlock($filterlck);
......
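Review bot: In the `disablefilter` branch the verbose output ends with `echo "done.\n";`, the same text the normal completion path prints at the end of the function, so someone watching the boot console cannot tell that `/sbin/pfctl -d` ran and no rules were loaded. The reload status in that branch already reads "Filter is disabled. Not loading rules."; the console line could say so too, for example `echo "filter disabled, rules not loaded.\n";`. The new `$verbose` parameter also has no doc comment; a one-line comment above the signature, such as `/* $verbose: print progress to stdout, used by the boot sequence */`, would make it clear that any other caller that relied on the old `/var/run/booting` check now prints nothing unless it passes `true`. The body of filter_configure_sync() continues in lines elided between these hunks, so this covers only the visible parts.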
...@@ -152,7 +152,7 @@ echo "done.\n"; ...@@ -152,7 +152,7 @@ echo "done.\n";
system_resolvconf_generate(); system_resolvconf_generate();
/* setup pf */ /* setup pf */
filter_configure_sync(); filter_configure_sync(true);
/* start pflog */ /* start pflog */
echo "Starting PFLOG..."; echo "Starting PFLOG...";
...@@ -212,7 +212,7 @@ services_dhcrelay6_configure(); ...@@ -212,7 +212,7 @@ services_dhcrelay6_configure();
mwexec("/usr/local/etc/rc.dyndns.update"); mwexec("/usr/local/etc/rc.dyndns.update");
/* Run a filter configure now that most all services have started */ /* Run a filter configure now that most all services have started */
filter_configure_sync(); filter_configure_sync(true);
/* Run all registered plugins */ /* Run all registered plugins */
if (function_exists('plugins_configure')) { if (function_exists('plugins_configure')) {
......