Commit d2246652 authored by Franco Fichtner's avatar Franco Fichtner

filter: /var/run/booting avoidance #1256

(cherry picked from commit 721705d1)
parent 95ec8331
......@@ -363,7 +363,7 @@ function filter_delete_states_for_down_gateways()
}
}
function filter_configure_sync()
function filter_configure_sync($verbose = false)
{
global $config, $filterdns, $aliases;
......@@ -385,47 +385,58 @@ function filter_configure_sync()
filter_pflog_start();
update_filter_reload_status(gettext("Initializing"), true);
/* Get interface list to work with. */
if (file_exists("/var/run/booting")) {
echo gettext("Configuring firewall");
if ($verbose) {
echo 'Configuring firewall.';
flush();
}
/* generate aliases */
if (file_exists("/var/run/booting")) {
echo ".";
}
update_filter_reload_status(gettext("Creating aliases"));
$aliases = filter_generate_aliases($FilterIflist, $after_filter_configure_run);
$gateways = filter_generate_gateways();
if (file_exists("/var/run/booting")) {
echo ".";
if ($verbose) {
echo '.';
flush();
}
update_filter_reload_status(gettext("Generating NAT rules"));
/* generate nat rules */
update_filter_reload_status(gettext("Generating NAT rules"));
$natrules = filter_nat_rules_generate($FilterIflist);
if (file_exists("/var/run/booting")) {
echo ".";
if ($verbose) {
echo '.';
flush();
}
update_filter_reload_status(gettext("Generating filter rules"));
/* generate pfctl rules */
update_filter_reload_status(gettext("Generating filter rules"));
$pfrules = filter_rules_generate($FilterIflist);
if (file_exists("/var/run/booting")) {
echo ".";
if ($verbose) {
echo '.';
flush();
}
update_filter_reload_status(gettext("Loading filter rules"));
/* enable pf if we need to, otherwise disable */
update_filter_reload_status(gettext("Loading filter rules"));
if (!isset ($config['system']['disablefilter'])) {
mwexec("/sbin/pfctl -e", true);
} else {
mwexec("/sbin/pfctl -d", true);
update_filter_reload_status(gettext("Filter is disabled. Not loading rules."));
if (file_exists("/var/run/booting")) {
echo gettext("done.") . "\n";
if ($verbose) {
echo "done.\n";
}
unlock($filterlck);
return;
}
if ($verbose) {
echo '.';
flush();
}
$limitrules = "";
/* User defined maximum table entries in Advanced menu. */
if (!empty($config['system']['maximumtableentries']) && is_numeric($config['system']['maximumtableentries'])) {
......@@ -575,8 +586,9 @@ function filter_configure_sync()
mwexecf('/sbin/pfctl -T flush -t %s', $afcr);
}
if (file_exists("/var/run/booting")) {
echo ".";
if ($verbose) {
echo '.';
flush();
}
update_filter_reload_status(gettext("Processing down interface states"));
......@@ -585,8 +597,9 @@ function filter_configure_sync()
}
update_filter_reload_status(gettext("Done"));
if (file_exists("/var/run/booting")) {
echo gettext("done.") . "\n";
if ($verbose) {
echo "done.\n";
}
unlock($filterlck);
......
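Review bot: The `$verbose` branch on the `disablefilter` path prints `done.\n`, the same token the success path prints at the end of the function, so a boot console reads `Configuring firewall....done.` even though `pfctl -d` has just switched packet filtering off and no rules were loaded. The only record of that state in the visible lines is the `update_filter_reload_status()` message, which presumably does not reach the console. Printing something distinct in that branch, e.g. `echo "disabled.\n";`, would let an operator see from the boot output that the host came up unfiltered. Separately, the new parameter is undocumented and defaults to `false`, so a comment above the signature such as `/* $verbose: print progress dots to stdout (boot console) */` would help; the body of filter_configure_sync() continues outside these hunks.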
......@@ -152,7 +152,7 @@ echo "done.\n";
system_resolvconf_generate();
/* setup pf */
filter_configure_sync();
filter_configure_sync(true);
/* start pflog */
echo "Starting PFLOG...";
......@@ -212,7 +212,7 @@ services_dhcrelay6_configure();
mwexec("/usr/local/etc/rc.dyndns.update");
/* Run a filter configure now that most all services have started */
filter_configure_sync();
filter_configure_sync(true);
/* Run all registered plugins */
if (function_exists('plugins_configure')) {
......