summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2013-02-12 12:01:09 +0000
committerErmal <eri@pfsense.org>2013-02-12 12:01:29 +0000
commit096f2962a95269a4ac69a38fd615d6e4da0256eb (patch)
treec2542532a609450f3f344e66bc1d0812f542f9a5
parent443c28221707827578d1df3f7b5fbace62513d7d (diff)
downloadpfsense-096f2962a95269a4ac69a38fd615d6e4da0256eb.zip
pfsense-096f2962a95269a4ac69a38fd615d6e4da0256eb.tar.gz
Ticket #1629 Another round of fixes related to state clearing
-rw-r--r--etc/inc/filter.inc5
-rw-r--r--etc/inc/interfaces.inc2
-rwxr-xr-xsbin/dhclient-script6
-rwxr-xr-xusr/local/sbin/ppp-linkdown1
4 files changed, 9 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 12ef74f..15c9db3 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -145,6 +145,11 @@ function filter_delete_states_for_down_gateways() {
$gwiface = get_real_interface($gateway['friendlyiface']);
$cmd = "/sbin/pfctl -i {$gwiface} -Fs";
mwexec($cmd);
+ $gwip = $gateway['gateway'];
+ if (is_ipaddr($gwip)) {
+ $cmd = "/sbin/pfctl -i {$gwiface} -Fs -G {$gwip}";
+ mwexec($cmd);
+ }
}
}
}
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 6698ba5..55c8bbc 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1235,7 +1235,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
// log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}");
if (!empty($old_router)) {
log_error("Clearing states to old gateway {$old_router}.");
- mwexec("/sbin/pfctl -i {$realif} -Fs");
+ mwexec("/sbin/pfctl -i {$realif} -Fs; /sbin/pfctl -i {$realif} -Fs -G {$old_router}");
}
/* remove interface up file if it exists */
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index 272bb77..814d1b9 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -66,8 +66,7 @@ delete_old_states() {
$LOGGER "Comparing IPs: Old: ${OLD_IP} New: ${new_ip_address}"
if [ -n "${OLD_IP}" ] && [ "${OLD_IP}" != "${new_ip_address}" ]; then
$LOGGER "Removing states from old IP '${OLD_IP}' (new IP '${new_ip_address}')"
- /sbin/pfctl -k 0.0.0.0/0 -k ${OLD_IP}/32
- /sbin/pfctl -k ${OLD_IP}/32
+ /sbin/pfctl -i $interface -Fs
pfctl -K ${OLD_IP}/32
fi
fi
@@ -82,8 +81,7 @@ delete_old_states() {
$LOGGER "Comparing Routers: Old: ${OLD_ROUTER} New: ${new_routers}"
if [ "${OLD_ROUTER}" != "${new_routers}" ]; then
$LOGGER "Removing states through old gateway '${OLD_ROUTER}' (new gateway '${new_routers}')"
- /sbin/pfctl -i $interface -k 0.0.0.0/0 -k ${OLD_ROUTER}/32
- /sbin/pfctl -i $interface -k ${OLD_ROUTER}/32 -k 0.0.0.0/0
+ /sbin/pfctl -i $interface -Fs -G ${OLD_ROUTER}
fi
fi
}
diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown
index 69f9f88..31d89c6 100755
--- a/usr/local/sbin/ppp-linkdown
+++ b/usr/local/sbin/ppp-linkdown
@@ -14,6 +14,7 @@ if [ "$3" != "" ]; then
/sbin/pfctl -k 0.0.0.0/0 -k ${LOCAL_IP}
/sbin/pfctl -k ${LOCAL_IP}
pfctl -K ${LOCAL_IP}
+ pfctl -i $1 -Fs
fi
/sbin/pfctl -i $1 -Fs
OpenPOWER on IntegriCloud