author | Chris Buechler <cmb@pfsense.org> | 2015-10-14 01:25:22 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-10-14 01:25:22 -0500 |
commit | 594473698158b8fc8830fa2e8fc6ce3959bde81d (patch) | |
tree | 1b79f82852a227e2149bf944d47150a67cdef387 | |
parent | 6f4c051cb8a6b9d3b897909e5c1f59be7e92edd1 (diff) | |
download | pfsense-594473698158b8fc8830fa2e8fc6ce3959bde81d.zip pfsense-594473698158b8fc8830fa2e8fc6ce3959bde81d.tar.gz |
Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558
-rw-r--r-- | etc/inc/filter.inc | 13 | ||||
-rw-r--r-- | usr/local/www/services_dhcp_relay.php | 2 |
2 files changed, 15 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 701fbbd..b23b75a 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -3117,6 +3117,19 @@ EOD;
 }
 }
+ /* allow access to DHCP relay on interfaces */
+ if(isset($config['dhcrelay']['enable'])) {
+ $dhcifaces = explode(",", $dhcrelaycfg['interface']);
+ foreach ($dhcifaces as $dhcrelayif) {
+ if ($dhcrelayif = $on) {
+ $ipfrules .= <<<EOD
+# allow access to DHCP relay on {$oc['descr']}
+pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 68 to 255.255.255.255 port = 67 tracker {$increment_tracker($tracker)} label "allow access to DHCP relay"
+
+EOD;
+ }
+ }
+ }
 break;
 }
diff --git a/usr/local/www/services_dhcp_relay.php b/usr/local/www/services_dhcp_relay.php
index 607002c..82c1666 100644
--- a/usr/local/www/services_dhcp_relay.php
+++ b/usr/local/www/services_dhcp_relay.php
@@ -40,6 +40,7 @@ ##|-PRIV
 require("guiconfig.inc");
+require_once("filter.inc");
 $pconfig['enable'] = isset($config['dhcrelay']['enable']);
 if (empty($config['dhcrelay']['interface']))
@@ -97,6 +98,7 @@ if ($_POST) {
 $retval = 0;
 $retval = services_dhcrelay_configure();
 $savemsg = get_std_save_message($retval);
+ filter_configure();
 }
 } |
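Review bot: The added condition `if ($dhcrelayif = $on) {` in etc/inc/filter.inc assigns instead of comparing, so it is true for any non-empty `$on`. The UDP 68 to 67 pass rule is then written for every interface that reaches this branch while relay is enabled, not only the interfaces selected for DHCP Relay, and once per list entry. It should read `if ($dhcrelayif == $on) {`. The list is also read from `$dhcrelaycfg['interface']`, which is not assigned anywhere in the hunk; unless it is set earlier in the function, use `$config['dhcrelay']['interface']` as services_dhcp_relay.php does. The enclosing function and loop start and end outside the hunk, so the origin of `$on` and `$oc` is inferred from their use here.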
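Review bot: In the `@@ -97,6 +98,7 @@` hunk of services_dhcp_relay.php, `filter_configure();` runs after `$savemsg` has already been built from `$retval`, and its return value is discarded. A failed filter reload would therefore still show the standard save message while the relay pass rules stay out of sync with the saved configuration. Consider `$retval |= filter_configure();` placed above `$savemsg = get_std_save_message($retval);`. The surrounding `if ($_POST)` block starts outside the hunk, so other paths that might skip the reload cannot be checked from here.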