author | Scott Ullrich <sullrich@pfsense.org> | 2005-01-13 17:58:45 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-01-13 17:58:45 +0000 |
commit | 8fc2952b05f0b484fc901830b6fd35fc55dc80cd (patch) | |
tree | 69a061eeb0001da633a244c570bbd2f5202f0f9f | |
parent | d21337019d129a70daec96570f8357017a41a78e (diff) | |
If carp is compiled into the kernel and userland lets make the appropriate firewall rules to pass the traffic.
-rw-r--r-- | etc/inc/filter.inc | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index d875e12..4e5ba42 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -33,6 +33,20 @@
 /* include all configuration functions */
 require_once("functions.inc");
+function is_carp_defined() {
+ /* is carp compiled into the kernel and userland? */
+ $command = "sysctl -a | grep carp";
+ $fd = popen($command . " 2>&1 ", "r");
+ while(!feof($fd)) {
+ $tmp .= fread($fd,49);
+ }
+ fclose($fd);
+ if($tmp == "")
+ return 0;
+ else
+ return 1;
+}
+
 function filter_resync() {
 global $config, $g;
@@ -97,6 +111,7 @@ function filter_configure() {
 else $mssclamp = 0;
+ /* XXX: convert these to PF or dump */
 mwexec("/sbin/sysctl net.inet.ipf.fr_mssif={$wanif}");
 mwexec("/sbin/sysctl net.inet.ipf.fr_mssclamp={$mssclamp}");
@@ -510,6 +525,13 @@ function filter_rules_generate() {
 # BEGIN OF firewall rules
 $ipfrules="";
+
+ /* if carp is defined, lets pass the traffic */
+ if(is_carp_defined() == 1) {
+ $ipfrules .= "pass on " . $lanif . " proto carp keep state\n";
+ $ipfrules .= "pass on " . $wanif . " proto carp keep state\n";
+ }
+
 $ipfrules .= <<<EOD
 # loopback |
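Review bot: In `is_carp_defined()` the `popen()` result is used unchecked, so if the pipe cannot be opened `while(!feof($fd))` never terminates on PHP versions where `feof()` returns false for an invalid handle, and the filter reload hangs. The handle is also closed with `fclose()` instead of `pclose()`, and `$tmp` is appended to before it is initialised. Separately, `sysctl -a | grep carp` with `2>&1` treats any output line containing that string as proof of CARP support, and the result later decides whether pass rules are emitted; matching only the CARP sysctl names would be tighter, if the prefix is known for this build. The rewrite below keeps the command and the 0/1 return values and fixes only the handle lifecycle.

```php
function is_carp_defined() {
	// … unchanged: $command and the popen() call …
	if ($fd === false)
		return 0;	// probe could not run: report "no carp" so no pass rules are added
	$tmp = "";
	while (!feof($fd))
		$tmp .= fread($fd, 49);
	pclose($fd);		// popen() handles are closed with pclose(), not fclose()
	return ($tmp == "") ? 0 : 1;
}
```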
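Review bot: The two added rules in `filter_rules_generate()` pass `proto carp` from any source to any destination on both `$lanif` and `$wanif`, and they are emitted whenever the kernel probe succeeds rather than when CARP is actually configured. On the WAN side that accepts CARP advertisements from every host on the segment, which matters if the virtual hosts are not protected by a CARP password. Consider gating the block on the configuration as well and narrowing the match to the CARP multicast group, e.g. `$ipfrules .= "pass on " . $wanif . " proto carp from any to 224.0.0.18 keep state\n";`. The function starts and continues outside the hunk, so where `$lanif` and `$wanif` are set and which later rules may override these non-`quick` passes cannot be checked from here.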