diff options
author | smos <seth.mos@dds.nl> | 2011-08-18 08:55:50 +0200 |
---|---|---|
committer | smos <seth.mos@dds.nl> | 2011-08-18 08:55:50 +0200 |
commit | b868d9a0c640965002b0a2d03869455f6212e3cf (patch) | |
tree | 31d621ce138aebde62b1c0fb5151bfd26fdcde34 | |
parent | 2a5d416d8fa714e1d6ab6301d6dc4d40adcd6962 (diff) | |
download | pfsense-b868d9a0c640965002b0a2d03869455f6212e3cf.zip pfsense-b868d9a0c640965002b0a2d03869455f6212e3cf.tar.gz |
Add the dhcp6 firewall rules so the client can get out.
Add a type6 field so that we can distinguish the ipv6 configuration types
-rw-r--r-- | etc/inc/filter.inc | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 7cf320e..3e7b72e 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -783,8 +783,10 @@ function filter_generate_optcfg_array() { continue; $oic['ip'] = get_interface_ip($if); $oic['ipv6'] = get_interface_ipv6($if); - if(!is_ipaddr($oc['ipaddr']) && !empty($oc['ipaddr'])) + if(!is_ipaddrv4($oc['ipaddr']) && !empty($oc['ipaddr'])) $oic['type'] = $oc['ipaddr']; + if(!is_ipaddrv6($oc['ipaddrv6']) && !empty($oc['ipaddrv6'])) + $oic['type6'] = $oc['ipaddrv6']; $oic['sn'] = get_interface_subnet($if); $oic['snv6'] = get_interface_subnetv6($if); $oic['mtu'] = empty($oc['mtu']) ? 1500 : $oc['mtu']; @@ -2378,9 +2380,6 @@ EOD; # allow our DHCP client out to the {$oc['descr']} pass in on \${$oc['descr']} proto udp from any port = 67 to any port = 68 label "allow dhcp client out {$oc['descr']}" pass out on \${$oc['descr']} proto udp from any port = 68 to any port = 67 label "allow dhcp client out {$oc['descr']}" -# allow our DHCPv6 client out to the {$oc['descr']} -pass in on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "allow dhcpv6 client out {$oc['descr']}" -pass out on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "allow dhcpv6 client out {$oc['descr']}" # Not installing DHCP server firewall rules for {$oc['descr']} which is configured for DHCP. EOD; @@ -2411,6 +2410,19 @@ EOD; } } + break; + } + switch($oc['type6']) { + case "dhcp6": + $ipfrules = <<<EOD + +# allow our DHCPv6 client out to the {$oc['descr']} +pass in on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "allow dhcpv6 client out {$oc['descr']}" +pass out on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "allow dhcpv6 client out {$oc['descr']}" + +EOD; + break; + default: if(isset($config['dhcpdv6'][$on]['enable'])) { $ipfrules .= <<<EOD |