diff options
| author | Chris Buechler <cmb@pfsense.org> | 2014-10-30 16:37:14 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2014-10-30 16:37:14 -0500 |
| commit | 1ae41bfe84a285c61e2a02acae59f70d73aff2c8 (patch) | |
| tree | 7c0d4e0058286e23df8632beb1b0955faf9a0c09 | |
| parent | 737b18f23bfc27185eda513d9ffe2600ecde9cd7 (diff) | |
| download | pfsense-1ae41bfe84a285c61e2a02acae59f70d73aff2c8.zip pfsense-1ae41bfe84a285c61e2a02acae59f70d73aff2c8.tar.gz | |
Kill states associated with the old WAN IP when WAN IP has changed. Retain
hidden config option to wipe all states on IP change, as there seemed to
be circumstances where the 'pfctl -k $oldip' didn't suffice for others
(much of history in redmine ticket, some on forum and elsewhere). ticket
| -rwxr-xr-x | etc/rc.newwanip | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/rc.newwanip b/etc/rc.newwanip index b903210..46e0f28 100755 --- a/etc/rc.newwanip +++ b/etc/rc.newwanip @@ -185,9 +185,12 @@ if(is_array($config['gifs']['gif'])){ * could be failing back in which case we need to switch IPs back anyhow. */ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interfaces'][$interface]['ipaddr'])) { - /* option to flush state table on IP change */ + /* IP changed, kill states accordingly */ if ($curwanip != $oldip) { + log_error("IP has changed, killing states on former IP $oldip."); + mwexec_bg("/sbin/pfctl -k $oldip"); if (isset($config['system']['ip_change_kill_states'])) { + /* hidden config option to wipe all states if needed */ log_error("Killing all states post-IP change."); filter_flush_state_table(); } |
