Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[plugins] inject new firewall rules #993

Closed
AdSchellevis opened this issue Jun 5, 2016 · 4 comments
Closed

[plugins] inject new firewall rules #993

AdSchellevis opened this issue Jun 5, 2016 · 4 comments
Assignees
@AdSchellevis
Labels
feature Adding new functionality
Milestone
17.1

Comments

@AdSchellevis
Copy link
Member

Just an idea, probably won't make it for 16.7. But we could extend the plugin system to propagate its needed firewall rules, which will be automatically installed into the config.xml.
(like new interfaces do in current master)

Advantage of doing this is that the firewall config shows the actual settings its using and would simplify the fiter.inc a lot.

Ideas, no concrete plan yet.....
@AdSchellevis AdSchellevis added the feature Adding new functionality label Jun 5, 2016
@AdSchellevis AdSchellevis added this to the Future milestone Jun 5, 2016
@AdSchellevis AdSchellevis self-assigned this Jun 5, 2016
@AdSchellevis AdSchellevis mentioned this issue Jul 30, 2016
Closed
@AdSchellevis AdSchellevis mentioned this issue Sep 23, 2016
Closed
@fichtner fichtner modified the milestones: 17.1, Future Sep 23, 2016
@AdSchellevis AdSchellevis mentioned this issue Sep 26, 2016
Merged
@fichtner
Copy link
Member

Note to self: For now it seems we only have to insert anchors and the utilities will be able to inject their rules at will. This also includes relayd and miniupnpd, which could be split off as plugins in the future.

@AdSchellevis
Copy link
Member Author

@fichtner that's only part of the story here... let's keep this for Friday.

@fichtner
Copy link
Member

of course, only keeping some notes for consistency

AdSchellevis added a commit that referenced this issue Sep 30, 2016
@AdSchellevis
work on #993
edc4097 
simple start, wrap anchor registration into plugin system, use miniupnpd as an example.

use registerAnchor() to register new anchors for pf into the main firewall script, we've hooked head/tail options and the different anchor types.
anchorToText() will extract the registered anchors back for the specified types and place in the script (head/tail) in text format for pf.

our new codebase was already hooked using legacy_bindings.inc, no additional includes needed to construct \OPNsense\Firewall\Plugin().
fichtner pushed a commit that referenced this issue Nov 7, 2016
@AdSchellevis @fichtner
(filter) miniupnpd firewall pluginification
7712fff 
PR: #993

(cherry picked from commit 9a0c383)
(cherry picked from commit edc4097)
(cherry picked from commit 4283c02)
(cherry picked from commit 850cd7a)
(cherry picked from commit 8d11de1)
@fichtner
Copy link
Member

the framework works, no need to keep this ticket anymore

great work by @AdSchellevis

@fraenki fraenki mentioned this issue Jan 5, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AdSchellevis AdSchellevis

Labels
feature Adding new functionality
Milestone
17.1
Development

No branches or pull requests
2 participants
@fichtner @AdSchellevis