author | Scott Ullrich <sullrich@pfsense.org> | 2005-11-28 04:58:28 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-11-28 04:58:28 +0000 |
commit | a41389044d8eb7bb9f427721c2e9ba8dda89f839 (patch) | |
tree | 1e97a353dafbb3fd804772ab032e44764d08bd85 | |
parent | d8c3ac4ece159d423bf6f2627fb80ef88526ea06 (diff) | |
Handle pppoe situations a little cleaner
-rw-r--r-- | etc/inc/filter.inc | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 7784211..65939b4 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1894,7 +1894,7 @@ function create_firewall_outgoing_rules_to_itself() {
 for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
 $ifdescrs['opt' . $j] = "opt" . $j;
- /* go through primary and optional interfaces */
+ /* go through primary and optional interfaces */
 foreach ($ifdescrs as $ifdescr => $ifname) {
 $return_gateway = $config['interfaces'][$ifname]['gateway'];
 $ints = array();
@@ -1902,20 +1902,16 @@ function create_firewall_outgoing_rules_to_itself() {
 /* if the interface is pppoe, set the ng0 interface */
 $ip = find_interface_ip($int);
+ if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe")
+ $int = " { " . filter_translate_type_to_real_interface($ifname) . " ng0 } ";
 if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue'])) {
 foreach ($config['shaper']['queue'] as $queue)
 $rule .="pass out quick on {$int} all keep state tagged {$queue['name']} queue {$queue['name']} label \"let out anything from firewall host itself\"\n";
 }
+
+ /* first add a rule for the real interface, then for ng0 */
+ $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
- /* need to physically let the traffic out still, even though we just tagged it */
- if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe") {
- /* first add a rule for the real interface, then for ng0 */
- $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
- $int = "ng0";
- $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
- } else {
- $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
- }
 }
 /* is bridging turned on? */ |
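Review bot: The two added lines that rewrite `$int` to the `{ <real interface> ng0 }` list sit above the shaper loop, so on a PPPoE interface the `tagged … queue …` rules are now emitted for ng0 as well, where the removed code wrote them for the real interface only and used ng0 just for the final untagged rule. If that widening is not intended, move the `if (... == "pppoe")` / `$int = ...` pair below the closing brace of the shaper block so that only the last `pass out quick` rule sees the list. The re-added comment `/* first add a rule for the real interface, then for ng0 */` no longer describes the code, which writes a single rule with an interface list; something like `/* one rule; for pppoe $int is a list holding the real interface and ng0 */` would match. `ng0` is still a fixed name, so this broad `pass out ... all keep state` rule presumably applies to whichever netgraph node holds that name when the PPPoE session is not the first one created; the loop body starts outside the hunk, so how `$int` is first set is not visible here.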