author | Seth Mos <seth.mos@xs4all.nl> | 2008-07-02 21:02:47 +0000 |
---|---|---|
committer | Seth Mos <seth.mos@xs4all.nl> | 2008-07-02 21:02:47 +0000 |
commit | bfc45c0bfb7e615e7b9c6375eecae2aada795c98 (patch) | |
tree | fd41e6ad71224edd572ba24d9d5f1ed17f2349c3 /etc/inc/filter.inc | |
parent | bba3a775d45c9334528e6bd76c0d24e32c4f5054 (diff) | |
do not create unparseable rules for VPN behind the scene rules
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 66a00ae..4005542 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2964,11 +2964,13 @@ EOD; if(! interface_has_gateway($ifr)) continue; + /* FIXME: make dynamic interface compatible */ $gateway = lookup_gateway_ip_by_name($config['interfaces'][$ifr]['gateway']); $interface = convert_friendly_interface_to_real_interface_name($iface); - $route_to = " route-to ( $interface $gateway ) "; - $reply_to = " reply-to ( $interface $gateway ) "; - + if((is_ipaddr($gateway)) && ($interface <> "")) { + $route_to = " route-to ( $interface $gateway ) "; + $reply_to = " reply-to ( $interface $gateway ) "; + } $ifalias = convert_friendly_interface_to_friendly_descr($ifr); /* pass in rules for IPSEC with reply-to */ @@ -3035,11 +3037,13 @@ EOD; if(! interface_has_gateway($ifr)) continue; + /* FIXME: make dynamic interface compatible */ $gateway = lookup_gateway_ip_by_name($config['interfaces'][$ifr]['gateway']); $interface = convert_friendly_interface_to_real_interface_name($iface); - $route_to = " route-to ( $interface $gateway ) "; - $reply_to = " reply-to ( $interface $gateway ) "; - + if((is_ipaddr($gateway)) && ($interface <> "")) { + $route_to = " route-to ( $interface $gateway ) "; + $reply_to = " reply-to ( $interface $gateway ) "; + } $ifalias = convert_friendly_interface_to_friendly_descr($ifr); $ipfrules .= "pass out on \${$ifalias} $route_to proto udp from any to {$remote_gateway} port = 500 keep state label \"IPsec: {$tunnel['descr']} - outbound isakmp\"\n"; $ipfrules .= "pass in on \${$ifalias} $reply_to proto udp from {$remote_gateway} to any port = 500 keep state label \"IPsec: {$tunnel['descr']} - inbound isakmp\"\n"; |
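Review bot: In both hunks `$route_to` and `$reply_to` are now assigned only inside the new `if`, so when `is_ipaddr($gateway)` fails or `$interface` is empty they keep whatever an earlier pass of the enclosing loop left in them, or are unset on the first pass. The second hunk interpolates them straight into the `pass out ... $route_to` and `pass in ... $reply_to` isakmp rules, so the generated rule would parse but could pin IPsec traffic to the previous interface's gateway. Resetting them just before the guard, `$route_to = ""; $reply_to = "";`, makes the fallback a plain rule with no routing option. The loop body begins outside both hunks, so a reset earlier in the iteration may exist that is not visible here.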