diff options
author | Ermal <eri@pfsense.org> | 2013-01-29 20:47:37 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-01-29 20:47:54 +0000 |
commit | 3fe15891fc0a408b688eb0accd97bbf3e4f6b196 (patch) | |
tree | 2596371143885d50d7aa144647506ca0c31acbe3 | |
parent | fe5f2a3b6687ef715617253459cffb8747e7e6c3 (diff) | |
download | pfsense-3fe15891fc0a408b688eb0accd97bbf3e4f6b196.zip pfsense-3fe15891fc0a408b688eb0accd97bbf3e4f6b196.tar.gz |
Use correct key. Be more strict while checking by suing v4 version for ipv4. Fixes: http://forum.pfsense.org/index.php/topic,58122.msg312024.html#msg312024
-rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 63779f9..cf6fbc9 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -877,9 +877,9 @@ function filter_generate_optcfg_array() { $oic['vips6'] = array(); $oic['vips6'][$vipidx]['ip'] = $vip['subnet']; if (empty($vip['subnet_bits'])) - $oic['vips'][$vipidx]['sn'] = 128; + $oic['vips6'][$vipidx]['sn'] = 128; else - $oic['vips'][$vipidx]['sn'] = $vip['subnet_bits']; + $oic['vips6'][$vipidx]['sn'] = $vip['subnet_bits']; } } } @@ -2721,7 +2721,7 @@ EOD; continue; $gw = get_interface_gateway($ifdescr); - if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip'])) { + if (is_ipaddrv4($gw) && is_ipaddrv4($ifcfg['ip'])) { $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n"; if (is_array($ifcfg['vips'])) { foreach ($ifcfg['vips'] as $vip) @@ -2745,7 +2745,7 @@ EOD; $ipfrules .= "pass out route-to ( {$stf} {$gwv6} ) inet6 from {$ifcfg['ipv6']} to !{$ifcfg['ipv6']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n"; if (is_array($ifcfg['vips6'])) { foreach ($ifcfg['vips6'] as $vip) - $ipfrules .= "pass out route-to ( {$stf} {$gwv6} ) inet6 from {$vip['ip']} to !{$vip['ipv6']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n"; + $ipfrules .= "pass out route-to ( {$stf} {$gwv6} ) inet6 from {$vip['ip']} to !{$vip['ip']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n"; } } } |