remove non functional L7 filter

to be replaced in a (near) future release. (also related to kernel cleanup)
opnsense · Apr 27, 2015 · 1ad2082 · 1ad2082
1 parent e5d1a1c
commit 1ad2082
Show file tree

Hide file tree

Showing 16 changed files with 17 additions and 1,226 deletions.
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
@@ -198,8 +198,6 @@ function filter_configure_sync($delete_states_if_needed = true)
 		echo ".";
 	update_filter_reload_status(gettext("Generating ALTQ queues"));
 	$altq_queues = filter_generate_altq_queues();
-	update_filter_reload_status(gettext("Generating Layer7 rules"));
-	generate_layer7_files();
 	if(file_exists("/var/run/booting"))
 		echo ".";
 	update_filter_reload_status(gettext("Loading filter rules"));
@@ -322,9 +320,6 @@ function filter_configure_sync($delete_states_if_needed = true)
 		$_grbg = exec('/sbin/pfctl -t bogonsv6 -T kill 2>/dev/null');
 	}
 
-	update_filter_reload_status(gettext("Starting up layer7 daemon"));
-	layer7_start_l7daemon();
-
 	if (!empty($filterdns)) {
 		@file_put_contents('/var/etc/filterdns.conf', implode('', $filterdns));
 		unset($filterdns);
@@ -836,7 +831,6 @@ function filter_generate_optcfg_array()
 {
 	global $config, $FilterIflist;
 
-	read_layer7_config();
 	/* if list */
 	$iflist = get_configured_interface_with_descr();
 	foreach ($iflist as $if => $ifdetail) {
@@ -2227,7 +2221,6 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) {
 function filter_generate_user_rule($rule)
 {
 	global $config, $g, $FilterIflist, $GatewaysList;
-	global $layer7_rules_list;
 
 	/* don't include disabled rules */
 	if(isset($rule['disabled'])) {
@@ -2379,15 +2372,6 @@ function filter_generate_user_rule($rule)
 	}
 	$aline['dst'] = "to $dst ";
 
-	//Layer7 support
-	$l7_present = false;
-	$l7_structures = array();
-	if(isset($rule['l7container']) && $rule['l7container'] != "none") {
-		$l7_present = true;
-		$l7rule =& $layer7_rules_list[$rule['l7container']];
-		$l7_structures = $l7rule->get_unique_structures();
-		$aline['divert'] = "divert-to " . $l7rule->GetRPort() . " ";
-	}
 	if (($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet"))
 		$aline['icmp-type'] = "icmp-type {$rule['icmptype']} ";
 	if (($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet6"))
@@ -2489,7 +2473,7 @@ function filter_generate_user_rule($rule)
 		if ($noadvoptions == false && isset($rule['nopfsync']))
 			$rule['nopfsync'] = true;
 
-		if ($noadvoptions == false || $l7_present)
+		if ($noadvoptions == false)
 			if ((isset($rule['source-track']) and $rule['source-track'] <> "") or
 			    (isset($rule['max']) and $rule['max'] <> "") or
 			    (isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "") or
@@ -2499,7 +2483,7 @@ function filter_generate_user_rule($rule)
 			      (isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") or
 			      (isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or
 			      (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> ""))) or
-			    isset($rule['sloppy']) or isset($rule['nopfsync']) or $l7_present) {
+			    isset($rule['sloppy']) or isset($rule['nopfsync'])) {
 					$aline['flags'] .= "( ";
 					if (isset($rule['sloppy']))
 						$aline['flags'] .= "sloppy ";
@@ -2530,9 +2514,6 @@ function filter_generate_user_rule($rule)
 						$aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
 					}
 
-					if(!empty($aline['divert']))
-						$aline['flags'] .= "max-packets 8 ";
-
 					$aline['flags'] .= " ) ";
 				}
 	}

diff --git a/src/etc/inc/priv.defs.inc b/src/etc/inc/priv.defs.inc
@@ -394,12 +394,6 @@ $priv_list['page-firewall-trafficshaper']['descr'] = gettext("Allow access to th
 $priv_list['page-firewall-trafficshaper']['match'] = array();
 $priv_list['page-firewall-trafficshaper']['match'][] = "firewall_shaper.php*";
 
-$priv_list['page-firewall-trafficshaper-layer7'] = array();
-$priv_list['page-firewall-trafficshaper-layer7']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Layer7 page");
-$priv_list['page-firewall-trafficshaper-layer7']['descr'] = gettext("Allow access to the 'Firewall: Traffic Shaper: Layer7' page.");
-$priv_list['page-firewall-trafficshaper-layer7']['match'] = array();
-$priv_list['page-firewall-trafficshaper-layer7']['match'][] = "firewall_shaper_layer7.php*";
-
 $priv_list['page-firewall-trafficshaper-queues'] = array();
 $priv_list['page-firewall-trafficshaper-queues']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Queues page");
 $priv_list['page-firewall-trafficshaper-queues']['descr'] = gettext("Allow access to the 'Firewall: Traffic Shaper: Queues' page.");