authorChris Buechler <cmb@pfsense.org>2015-10-14 01:25:22 -0500
committerChris Buechler <cmb@pfsense.org>2015-10-14 01:25:22 -0500
commit594473698158b8fc8830fa2e8fc6ce3959bde81d (patch)
tree1b79f82852a227e2149bf944d47150a67cdef387
parent6f4c051cb8a6b9d3b897909e5c1f59be7e92edd1 (diff)
Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558
-rw-r--r--etc/inc/filter.inc13
-rw-r--r--usr/local/www/services_dhcp_relay.php2
2 files changed, 15 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 701fbbd..b23b75a 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -3117,6 +3117,19 @@ EOD;
}
}
+ /* allow access to DHCP relay on interfaces */
+ if(isset($config['dhcrelay']['enable'])) {
+ $dhcifaces = explode(",", $dhcrelaycfg['interface']);
+ foreach ($dhcifaces as $dhcrelayif) {
+ if ($dhcrelayif = $on) {
+ $ipfrules .= <<<EOD
+# allow access to DHCP relay on {$oc['descr']}
+pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 68 to 255.255.255.255 port = 67 tracker {$increment_tracker($tracker)} label "allow access to DHCP relay"
+
+EOD;
+ }
+ }
+ }
break;
}
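Review bot: The test `if ($dhcrelayif = $on)` in the new foreach assigns instead of comparing, so it is true for any non-empty `$on` and the pass rule is emitted on every interface that reaches this branch while DHCP Relay is enabled, not only on the interfaces selected for the relay. For an auto-added firewall rule this opens UDP 68 -> 67 on interfaces the administrator never chose; the line should read `if ($dhcrelayif == $on) {`. `$dhcrelaycfg` is also not assigned anywhere in the visible hunk, so unless it is set earlier in the function the `explode()` works on an empty value; `$config['dhcrelay']['interface']` looks like the intended source. The enclosing function and interface loop start outside the hunk, so both points should be checked against the full body.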
diff --git a/usr/local/www/services_dhcp_relay.php b/usr/local/www/services_dhcp_relay.php
index 607002c..82c1666 100644
--- a/usr/local/www/services_dhcp_relay.php
+++ b/usr/local/www/services_dhcp_relay.php
@@ -40,6 +40,7 @@
##|-PRIV
require("guiconfig.inc");
+require_once("filter.inc");
$pconfig['enable'] = isset($config['dhcrelay']['enable']);
if (empty($config['dhcrelay']['interface']))
@@ -97,6 +98,7 @@ if ($_POST) {
$retval = 0;
$retval = services_dhcrelay_configure();
$savemsg = get_std_save_message($retval);
+ filter_configure();
}
}