Re: [pfSense Support] OpenBGPD package: impossible to edit group in use but it can easily be deleted
On Sat, Aug 15, 2009 at 7:32 PM, Evgeny Yurchenkoevg.yu...@rogers.com wrote:
1) When a BGP group is in use it is impossible to modify group's parameters.
Click 'Save' gives you Sorry this group is in use... and can not be
deleted
Probably it is intended behavior but then we have to change the error
message to ... can not be edited which is not very logical as the idea
behind using groups is to have some parameters common for all peers
belonging to this group. If you agree with me please delete this check:
# diff -rub openbgpd_groups.xml.20090815.bak openbgpd_groups.xml
--- openbgpd_groups.xml.20090815.bak 2009-08-15 22:07:13.0 +
+++ openbgpd_groups.xml 2009-08-15 22:41:28.0 +
@@ -111,9 +111,4 @@
custom_php_resync_config_command
openbgpd_install_conf();
/custom_php_resync_config_command
- custom_php_validation_command
- $status = check_group_usage($_POST['groupname']);
- if($status != )
- $input_errors[] = Sorry this group is in use by
{$status} and cannot be deleted.;
- /custom_php_validation_command
/packagegui
2) The group can be easily deleted even if it is in use without any impact
on /usr/local/etc/bgpd.conf which leads to little mess. After that if you
will edit your neighbor then this neighbor will be excluded from this group
and thus probably will loose AS number. I could not find a way how to
prevent this.
Probably we could create some tag in openbgpd_groups.xml like:
custom_php_del_validation_command
$status = check_group_usage($_POST['groupname']);
if($status != )
$input_errors[] = Sorry this group is in use by
{$status} and cannot be deleted.;
/custom_php_del_validation_command
... and use it in /usr/local/www/pkg.php before it actually deletes
parameter:
line 66 if ($a_pkg[$_GET['id']]) {
+ if($pkg['custom_php_del_validation'] ) {
+ $status =
eval($pkg['custom_php_del_validation'] );
+ if ($status != ){
+ header(Location: pkg.php?xml= .
$xml);
+ exit;
+ }
+ }
unset($a_pkg[$_GET['id']]);
write_config();
... and it works (it's not deleted) but I can't find a way to tell user
about the error.
Thanks,
Eugene
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Please sign up for a rcs.pfsense.org account and email me the info
off-list. It is time for you to have a commit bit to be able to push
these changes since you are showing an interest in the BGPD package.
Scott
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
[pfSense Support] pfSense Blocking some traffic
Greetings everyone, I have noticed some strange behavior, I have setup a Bridge and setup specific blocking rules for access to systems behind our firewall, I also have explicit access rules for port 80: pass in quick on $wan reply-to (em0 GATEWAYIP) proto tcp from any to any port = 80 keep state label USER_RULE: HTTP Port Allow Access at the bottom of the firewall rules I have this entry to allow everything that I am not specifically blocking: pass in quick on $wan reply-to (em0 GATEWAYIP) from any to any keep state label USER_RULE: Allow Everything Else On my internal interface of the bridge I have the following entry: pass in quick on $InternalNetwork from any to any keep state label USER_RULE However I am seeing entries captured in my firewall logs where visitors are being denied per the Default deny rule at the very bottom of the pf rules. My question is why are my explicit rules not capturing the entries before it gets to the last rule? And also, how can I disable those two rules or can they be disabled? Thanks Joe -- This message has been scanned for viruses by Colocube's AV Scanner - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense Blocking some traffic
Joseph Hardeman wrote: However I am seeing entries captured in my firewall logs where visitors are being denied per the Default deny rule at the very bottom of the pf rules. My question is why are my explicit rules not capturing the entries before it gets to the last rule? And also, how can I disable those two rules or can they be disabled? My guess is that you're really seeing this: http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection%2C_why%3F And no traffic is actually being dropped. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense Blocking some traffic
Jim Pingle wrote: Joseph Hardeman wrote: However I am seeing entries captured in my firewall logs where visitors are being denied per the Default deny rule at the very bottom of the pf rules. My question is why are my explicit rules not capturing the entries before it gets to the last rule? And also, how can I disable those two rules or can they be disabled? My guess is that you're really seeing this: http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection%2C_why%3F And no traffic is actually being dropped. Jim Very interesting, but definitely makes sense, specially since I can't seem to get a blocked session to my systems. Thanks Jim for the link. Joe -- This message has been scanned for viruses by Colocube's AV Scanner - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] OpenBGPD package: excessive } if if neighbor does not belong to a group
On Sun, Aug 16, 2009 at 1:18 AM, Evgeny Yurchenkoevg.yu...@rogers.com wrote:
Again me -(((
found one more bug in OpenBGPD. When you add/modify neighbor which does not
belong to any group you get excessive } in bgpd.conf after neighbor{} block.
# diff -rub openbgpd.inc.20090816.bak openbgpd.inc
--- openbgpd.inc.20090816.bak 2009-08-16 05:09:38.0 +
+++ openbgpd.inc 2009-08-16 05:10:33.0 +
@@ -113,8 +113,6 @@
$conffile .= }\n;
}
}
- if($used_this_item)
- $conffile .= }\n;
}
// OpenBGPD filters
Thanks, this one is commited.
Scott
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
