summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2005-11-28 04:58:28 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-11-28 04:58:28 +0000
commita41389044d8eb7bb9f427721c2e9ba8dda89f839 (patch)
tree1e97a353dafbb3fd804772ab032e44764d08bd85
parentd8c3ac4ece159d423bf6f2627fb80ef88526ea06 (diff)
downloadpfsense-a41389044d8eb7bb9f427721c2e9ba8dda89f839.zip
pfsense-a41389044d8eb7bb9f427721c2e9ba8dda89f839.tar.gz
Handle pppoe situations a little cleaner
-rw-r--r--etc/inc/filter.inc16
1 files changed, 6 insertions, 10 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 7784211..65939b4 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1894,7 +1894,7 @@ function create_firewall_outgoing_rules_to_itself() {
for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
$ifdescrs['opt' . $j] = "opt" . $j;
- /* go through primary and optional interfaces */
+ /* go through primary and optional interfaces */
foreach ($ifdescrs as $ifdescr => $ifname) {
$return_gateway = $config['interfaces'][$ifname]['gateway'];
$ints = array();
@@ -1902,20 +1902,16 @@ function create_firewall_outgoing_rules_to_itself() {
/* if the interface is pppoe, set the ng0 interface */
$ip = find_interface_ip($int);
+ if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe")
+ $int = " { " . filter_translate_type_to_real_interface($ifname) . " ng0 } ";
if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue'])) {
foreach ($config['shaper']['queue'] as $queue)
$rule .="pass out quick on {$int} all keep state tagged {$queue['name']} queue {$queue['name']} label \"let out anything from firewall host itself\"\n";
}
+
+ /* first add a rule for the real interface, then for ng0 */
+ $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
- /* need to physically let the traffic out still, even though we just tagged it */
- if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe") {
- /* first add a rule for the real interface, then for ng0 */
- $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
- $int = "ng0";
- $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
- } else {
- $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
- }
}
/* is bridging turned on? */
OpenPOWER on IntegriCloud