diff options
author | Seth Mos <seth.mos@dds.nl> | 2010-10-25 13:48:12 +0200 |
---|---|---|
committer | Seth Mos <seth.mos@dds.nl> | 2010-10-25 13:48:12 +0200 |
commit | 290797ea64be6e28c97e563dd688e373263f0154 (patch) | |
tree | 19dcbaa99af1c5d72372f9755e3a3ed74f623086 | |
parent | 1306c7dd6b66bdf41d5e06e03905ea1ddcc6a30d (diff) | |
download | pfsense-290797ea64be6e28c97e563dd688e373263f0154.zip pfsense-290797ea64be6e28c97e563dd688e373263f0154.tar.gz |
Fix the filter.inc rule generation for icmp to prevent a double inet6 in the rule
Add inet6 for user defined rules to ipv6 addresses.
-rw-r--r-- | etc/inc/filter.inc | 8 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules.php | 12 |
2 files changed, 16 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 45c4746..6905e61 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1680,12 +1680,12 @@ function filter_generate_user_rule($rule) { return "# source network or destination network == pptp on " . $rule['descr']; } - if(isset($rule['iprotocol']) && $rule['ipprotocol'] <> "") { + if(isset($rule['ipprotocol'])) { switch($rule['ipprotocol']) { case "inet": $aline['ipprotocol'] = "inet"; break; - case "inet": + case "inet6": $aline['ipprotocol'] = "inet6"; break; } @@ -1760,7 +1760,7 @@ function filter_generate_user_rule($rule) { if($rule['protocol'] == "tcp/udp") $aline['prot'] = " proto { tcp udp } "; elseif(($rule['protocol'] == "icmp") && ($rule['ipprotocol'] == "inet6")) - $aline['prot'] = " inet6 proto ipv6-icmp "; + $aline['prot'] = " proto ipv6-icmp "; elseif($rule['protocol'] == "icmp") $aline['prot'] = " inet proto icmp "; else @@ -1967,7 +1967,7 @@ function filter_generate_user_rule($rule) { /* piece together the actual user rule */ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] . - $aline['divert'] . $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . + $aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'] . $aline['schedlabel']; diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index cdd417a..b3533e2 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -632,6 +632,18 @@ if($_REQUEST['undodrag']) { </td> <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> <?=$textss;?><?php + if (isset($filterent['ipprotocol'])) { + switch($filterent['ipprotocol']) { + case "inet": + echo "IPv4 "; + break; + case "inet6": + echo "IPv6 "; + break; + } + } else { + echo "IPv4 "; + } if (isset($filterent['protocol'])) { echo strtoupper($filterent['protocol']); if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) { |