e61d3823
Commit
e61d3823
authored
Jul 15, 2015
by
Ad Schellevis
(legacy) evil globals... change use of $FilterIflist
parent
8547c8fb
Showing
4 changed files
with
53 additions
and
40 deletions
+53
-40
authgui.inc
src/etc/inc/authgui.inc
+3
-7
filter.inc
src/etc/inc/filter.inc
+44
-23
openvpn-client-export.inc
src/etc/inc/openvpn-client-export.inc
+2
-3
firewall_nat_out.php
src/www/firewall_nat_out.php
+4
-7
src/etc/inc/authgui.inc
...
...
@@ -31,6 +31,7 @@
include_once
(
"auth.inc"
);
include_once
(
"priv.inc"
);
require_once
(
"filter.inc"
);
function
getPrivPages
(
&
$entry
,
&
$allowed_pages
)
{
global
$priv_list
;
...
...
@@ -317,8 +318,8 @@ function display_login_form()
}
/* Check against locally configured IP addresses, which will catch when someone
port forwards WebGUI access from WAN to an internal IP on the router. */
global
$FilterIflist
;
port forwards WebGUI access from WAN to an internal IP on the router. */
$FilterIflist
=
filter_generate_optcfg_array
()
;
$local_ip
=
false
;
if
(
strstr
(
$_SERVER
[
'HTTP_HOST'
],
":"
))
{
$http_host_port
=
explode
(
":"
,
$_SERVER
[
'HTTP_HOST'
]);
...
...
@@ -326,10 +327,6 @@ function display_login_form()
}
else
{
$http_host
=
$_SERVER
[
'HTTP_HOST'
];
}
if
(
empty
(
$FilterIflist
))
{
require_once
(
'filter.inc'
);
filter_generate_optcfg_array
();
}
foreach
(
$FilterIflist
as
$iflist
)
{
if
(
$iflist
[
'ip'
]
==
$http_host
)
{
$local_ip
=
true
;
...
...
@@ -338,7 +335,6 @@ function display_login_form()
$local_ip
=
true
;
}
}
unset
(
$FilterIflist
);
if
(
isset
(
$config
[
'virtualip'
]))
{
if
(
$config
[
'virtualip'
][
'vip'
])
{
...
...
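Review bot: `require_once("filter.inc");` at the top of the file (apparently the one line the first hunk adds) carries no comment saying why the authentication GUI needs the filter code, and it replaces a load that used to happen only inside display_login_form(). Every script that includes authgui.inc now parses filter.inc and runs its file-level statements, presumably also for requests that have not logged in yet. I would add a comment such as `// filter.inc: filter_generate_optcfg_array() feeds the HTTP_HOST check in display_login_form()`, or keep the `require_once` next to the call that needs it. display_login_form() starts and ends outside the hunks shown.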
src/etc/inc/filter.inc
...
...
@@ -36,9 +36,6 @@ $after_filter_configure_run = array();
/* For installing cron job of schedules */
$time_based_rules
=
false
;
/* Used to hold the interface list that will be used on ruleset creation. */
$FilterIflist
=
array
();
/* Create a global array to avoid errors on rulesets. */
$GatewaysList
=
array
();
...
...
@@ -149,9 +146,11 @@ function filter_delete_states_for_down_gateways() {
/* reload filter sync */
function
filter_configure_sync
(
$delete_states_if_needed
=
true
)
{
global
$config
,
$g
,
$after_filter_configure_run
,
$FilterIflist
;
global
$config
,
$g
,
$after_filter_configure_run
;
global
$time_based_rules
,
$filterdns
,
$aliases
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
/* Use filter lock to not allow concurrent filter reloads during this run. */
$filterlck
=
lock
(
'filter'
,
LOCK_EX
);
...
...
@@ -372,7 +371,8 @@ function filter_configure_sync($delete_states_if_needed = true)
}
function
filter_generate_scrubing
()
{
global
$config
,
$FilterIflist
;
global
$config
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$scrubrules
=
""
;
if
(
isset
(
$config
[
'system'
][
'maxmss_enable'
]))
{
...
...
@@ -483,7 +483,8 @@ function filter_expand_alias_array($alias_name) {
function
filter_generate_aliases
()
{
global
$config
,
$FilterIflist
,
$after_filter_configure_run
;
global
$config
,
$after_filter_configure_run
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$alias
=
"#System aliases
\n
"
;
$aliases
=
"loopback =
\"
{ lo0 }
\"\n
"
;
...
...
@@ -756,13 +757,12 @@ function filter_get_vpns_list() {
* optionally returns an array instead, including friendly interface and gateway (if applicable)
*/
function
filter_get_direct_networks_list
(
$returnsubnetsonly
=
true
)
{
global
$config
,
$FilterIflist
,
$GatewaysList
;
global
$config
,
$GatewaysList
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
/* build list of directly connected interfaces and networks */
$networks
=
""
;
$networks_arr
=
array
();
if
(
empty
(
$FilterIflist
))
{
filter_generate_optcfg_array
();
}
foreach
(
$FilterIflist
as
$ifent
=>
$ifcfg
)
{
$subnet
=
"
{
$ifcfg
[
'sa'
]
}
/
{
$ifcfg
[
'sn'
]
}
"
;
if
(
is_subnet
(
$subnet
))
{
...
...
@@ -819,6 +819,14 @@ function filter_generate_optcfg_array()
{
global
$config
,
$FilterIflist
;
// Nasty hack to avoid unkown status of $FilterIflist, every piece of code using $FilterIflist should use
// this function to retrieve it's content.
if
(
isset
(
$FilterIflist
)
&&
is_array
(
$FilterIflist
)
&&
count
(
$FilterIflist
)
>
0
)
{
return
$FilterIflist
;
}
$FilterIflist
=
array
();
/* if list */
$iflist
=
get_configured_interface_with_descr
();
foreach
(
$iflist
as
$if
=>
$ifdetail
)
{
...
...
@@ -978,11 +986,13 @@ function filter_generate_optcfg_array()
$FilterIflist
[
$ifgen
[
'ifname'
]]
=
$oc
;
}
}
return
$FilterIflist
;
}
function
filter_get_reflection_interfaces
(
$natif
=
""
)
{
global
$FilterIflist
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$nat_if_list
=
array
();
...
...
@@ -1001,7 +1011,8 @@ function filter_get_reflection_interfaces($natif = "") {
}
function
filter_generate_reflection_nat
(
$rule
,
&
$route_table
,
$nat_ifs
,
$protocol
,
$target
,
$target_ip
,
$target_subnet
=
""
)
{
global
$config
,
$FilterIflist
;
global
$config
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
if
(
!
isset
(
$config
[
'system'
][
'enablenatreflectionhelper'
]))
return
""
;
...
...
@@ -1086,7 +1097,8 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
}
function
filter_generate_reflection_proxy
(
$rule
,
$nordr
,
$rdr_ifs
,
$srcaddr
,
$dstaddr_port
,
&
$starting_localhost_port
,
&
$reflection_txt
)
{
global
$FilterIflist
,
$config
;
global
$config
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
// Initialize natrules holder string
$natrules
=
""
;
...
...
@@ -1278,7 +1290,8 @@ function filter_generate_reflection_proxy($rule, $nordr, $rdr_ifs, $srcaddr, $ds
}
function
filter_nat_rules_automatic_tonathosts
(
$with_descr
=
false
)
{
global
$config
,
$FilterIflist
,
$GatewaysList
;
global
$config
,
$GatewaysList
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$tonathosts
=
array
(
"127.0.0.0/8"
);
$descriptions
=
array
(
gettext
(
"localhost"
));
...
...
@@ -1401,7 +1414,8 @@ function filter_nat_rules_automatic_tonathosts($with_descr = false) {
function
filter_nat_rules_outbound_automatic
(
$src
)
{
global
$config
,
$FilterIflist
;
global
$config
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$rules
=
array
();
...
...
@@ -1443,7 +1457,8 @@ function filter_nat_rules_outbound_automatic($src)
/* Generate a 'nat on' or 'no nat on' rule for given interface */
function
filter_nat_rules_generate_if
(
$if
,
$src
=
"any"
,
$srcport
=
""
,
$dst
=
"any"
,
$dstport
=
""
,
$natip
=
""
,
$natport
=
""
,
$nonat
=
false
,
$staticnatport
=
false
,
$proto
=
""
,
$poolopts
=
""
)
{
global
$config
,
$FilterIflist
;
global
$config
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
/* XXX: billm - any idea if this code is needed? */
if
(
$src
==
"/32"
||
$src
{
0
}
==
"/"
)
return
"# src incorrectly specified
\n
"
;
...
...
@@ -1524,7 +1539,8 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
}
function
filter_nat_rules_generate
()
{
global
$config
,
$g
,
$after_filter_configure_run
,
$FilterIflist
,
$GatewaysList
,
$aliases
;
global
$config
,
$g
,
$after_filter_configure_run
,
$GatewaysList
,
$aliases
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$natrules
=
"no nat proto carp
\n
"
;
$natrules
.=
"no rdr proto carp
\n
"
;
...
...
@@ -2029,7 +2045,7 @@ function filter_generate_port(& $rule, $target = "source", $isnat = false) {
}
function
filter_address_add_vips_subnets
(
&
$subnets
,
$if
,
$not
)
{
global
$FilterIflist
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$if_subnets
=
array
(
$subnets
);
...
...
@@ -2067,7 +2083,8 @@ function filter_address_add_vips_subnets(&$subnets, $if, $not) {
}
function
filter_generate_address
(
&
$rule
,
$target
=
"source"
,
$isnat
=
false
)
{
global
$FilterIflist
,
$config
;
global
$config
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$src
=
""
;
if
(
isset
(
$rule
[
$target
][
'any'
]))
{
...
...
@@ -2219,7 +2236,8 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
function
filter_generate_user_rule
(
$rule
)
{
global
$config
,
$g
,
$FilterIflist
,
$GatewaysList
;
global
$config
,
$g
,
$GatewaysList
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
/* don't include disabled rules */
if
(
isset
(
$rule
[
'disabled'
]))
{
...
...
@@ -2566,7 +2584,8 @@ function filter_generate_user_rule($rule)
function
filter_rules_generate
()
{
global
$config
,
$g
,
$FilterIflist
,
$time_based_rules
,
$GatewaysList
;
global
$config
,
$g
,
$time_based_rules
,
$GatewaysList
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$fix_rule_label
=
'fix_rule_label'
;
...
...
@@ -3364,7 +3383,8 @@ function filter_tdr_month($schedule) {
function
filter_setup_logging_interfaces
()
{
global
$config
,
$FilterIflist
;
global
$config
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$rules
=
''
;
if
(
isset
(
$FilterIflist
[
'lan'
]))
...
...
@@ -3391,7 +3411,8 @@ function filter_process_carp_rules($log)
/* Generate IPsec Filter Items */
function
filter_generate_ipsec_rules
(
$log
=
array
())
{
global
$config
,
$g
,
$FilterIflist
;
global
$config
,
$g
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
if
(
isset
(
$config
[
'system'
][
'disablevpnrules'
]))
{
return
"
\n
# VPN Rules not added disabled in System->Advanced.
\n
"
;
...
...
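Review bot: The early return added at the top of filter_generate_optcfg_array() turns the global `$FilterIflist` into a cache that nothing can refresh: once any caller has populated it, every later call in the same PHP process receives that copy. filter_configure_sync() now takes its interface list from this accessor, so if interface settings in `$config` are changed earlier in the same request (not visible here), the ruleset would be generated from the pre-change list. A backward-compatible way out is an optional parameter, `function filter_generate_optcfg_array($force = false)` with the guard starting `if (!$force && isset($FilterIflist) && ...`, and `filter_generate_optcfg_array(true)` in filter_configure_sync(). The guard also treats a legitimately empty list as "not generated" and rebuilds it on every call, which deserves a line in the comment above it. The function body continues outside the hunks.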
src/etc/inc/openvpn-client-export.inc
...
...
@@ -845,9 +845,8 @@ function openvpn_client_export_build_remote_lines($settings, $useaddr, $interfac
}
function
openvpn_client_export_find_port_forwards
(
$targetip
,
$targetport
,
$targetproto
,
$skipprivate
,
$findhostname
=
false
)
{
global
$config
,
$FilterIflist
;
if
(
empty
(
$FilterIflist
))
filter_generate_optcfg_array
();
global
$config
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
$destinations
=
array
();
if
(
!
is_array
(
$config
[
'nat'
])
||
!
is_array
(
$config
[
'nat'
][
'rule'
]))
...
...
src/www/firewall_nat_out.php
...
...
@@ -31,9 +31,10 @@ require_once("guiconfig.inc");
require_once
(
"functions.inc"
);
require_once
(
"filter.inc"
);
global
$FilterIflist
;
global
$GatewaysList
;
$FilterIflist
=
filter_generate_optcfg_array
()
;
if
(
!
is_array
(
$config
[
'nat'
][
'outbound'
]))
$config
[
'nat'
][
'outbound'
]
=
array
();
...
...
@@ -72,8 +73,6 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
* lets automatically create entries
* for all of the interfaces to make life easier on the pip-o-chap
*/
if
(
empty
(
$FilterIflist
))
filter_generate_optcfg_array
();
if
(
empty
(
$GatewaysList
))
filter_generate_gateways
();
$tonathosts
=
filter_nat_rules_automatic_tonathosts
(
true
);
...
...
@@ -105,7 +104,7 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
}
}
$savemsg
=
gettext
(
"Default rules for each interface have been created."
);
unset
(
$
FilterIflist
,
$
GatewaysList
);
unset
(
$GatewaysList
);
}
$config
[
'nat'
][
'outbound'
][
'mode'
]
=
$_POST
[
'mode'
];
...
...
@@ -477,12 +476,10 @@ include("head.inc");
</tbody>
<?php
if
(
$mode
==
"automatic"
||
$mode
==
"hybrid"
)
:
if
(
empty
(
$FilterIflist
))
filter_generate_optcfg_array
();
if
(
empty
(
$GatewaysList
))
filter_generate_gateways
();
$automatic_rules
=
filter_nat_rules_outbound_automatic
(
implode
(
" "
,
filter_nat_rules_automatic_tonathosts
()));
unset
(
$
FilterIflist
,
$
GatewaysList
);
unset
(
$GatewaysList
);
?>
<thead>
<tr><th
colspan=
"12"
>
<?=
gettext
(
"Automatic rules:"
);
?>
</th></tr>
...
...
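Review bot: At file scope `$FilterIflist = filter_generate_optcfg_array();` does not create a private copy: if this page runs in the global scope, as a script under src/www presumably does, the variable is the same global that the accessor in filter.inc reads back. The old `unset($FilterIflist, $GatewaysList)` calls discarded the list after the default rules were created and after the automatic rules were rendered, whereas now only `$GatewaysList` is reset and the interface list stays as first generated for the rest of the request. `$GatewaysList` also still goes through the `empty()` / `filter_generate_gateways()` / `unset()` pattern, so the two lists are handled differently on the same page. I would add a comment next to the assignment stating that the global is intentionally left populated, or, if the rest of the page allows it, give the page its own name such as `$interfaces = filter_generate_optcfg_array();`.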