diff options
author | Ermal <eri@pfsense.org> | 2010-08-19 20:43:45 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-08-19 20:43:45 +0000 |
commit | fa2f5379b9d4ce5465d824037b2a5e47c01f23ab (patch) | |
tree | b5af436f5ffb7733d33388fb9ec6d0ca621538ba | |
parent | 5180d00ac2c9d47b2a74d4d8e7d0b9b762bc9934 (diff) | |
download | pfsense-fa2f5379b9d4ce5465d824037b2a5e47c01f23ab.zip pfsense-fa2f5379b9d4ce5465d824037b2a5e47c01f23ab.tar.gz |
Ticket #8. Actually use the new functionality of pfctl -b to kill even states referencing down gateways in their route-to cached parameter.
-rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 513cb79..dc0728f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -144,13 +144,10 @@ function filter_delete_states_for_down_gateways() { global $config; $a_gateways = return_gateways_status(); - foreach ($a_gateways as $gateway) { + foreach ($a_gateways as $gwip => $gateway) { if (stristr($status['status'], "down")) { - if (is_ipaddr($gateway['srcip'])) { - mwexec("/sbin/pfctl -b {$gateway['srcip']}"); - mwexec("/sbin/pfctl -K {$gateway['srcip']}"); - mwexec("/sbin/pfctl -k {$gateway['srcip']}"); - mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$gateway['srcip']}"); + if (is_ipaddr($gateway['srcip']) && is_ipaddr($gwip)) { + mwexec("/sbin/pfctl -b {$gateway['srcip']} -b {$gwip}"); } } } |