summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
diff options
context:
space:
mode:
authorSeth Mos <seth.mos@xs4all.nl>2008-07-02 21:02:47 +0000
committerSeth Mos <seth.mos@xs4all.nl>2008-07-02 21:02:47 +0000
commitbfc45c0bfb7e615e7b9c6375eecae2aada795c98 (patch)
treefd41e6ad71224edd572ba24d9d5f1ed17f2349c3 /etc/inc/filter.inc
parentbba3a775d45c9334528e6bd76c0d24e32c4f5054 (diff)
downloadpfsense-bfc45c0bfb7e615e7b9c6375eecae2aada795c98.zip
pfsense-bfc45c0bfb7e615e7b9c6375eecae2aada795c98.tar.gz
do not create unparseable rules for VPN behind the scene rules
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r--etc/inc/filter.inc16
1 files changed, 10 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 66a00ae..4005542 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2964,11 +2964,13 @@ EOD;
if(! interface_has_gateway($ifr))
continue;
+ /* FIXME: make dynamic interface compatible */
$gateway = lookup_gateway_ip_by_name($config['interfaces'][$ifr]['gateway']);
$interface = convert_friendly_interface_to_real_interface_name($iface);
- $route_to = " route-to ( $interface $gateway ) ";
- $reply_to = " reply-to ( $interface $gateway ) ";
-
+ if((is_ipaddr($gateway)) && ($interface <> "")) {
+ $route_to = " route-to ( $interface $gateway ) ";
+ $reply_to = " reply-to ( $interface $gateway ) ";
+ }
$ifalias = convert_friendly_interface_to_friendly_descr($ifr);
/* pass in rules for IPSEC with reply-to */
@@ -3035,11 +3037,13 @@ EOD;
if(! interface_has_gateway($ifr))
continue;
+ /* FIXME: make dynamic interface compatible */
$gateway = lookup_gateway_ip_by_name($config['interfaces'][$ifr]['gateway']);
$interface = convert_friendly_interface_to_real_interface_name($iface);
- $route_to = " route-to ( $interface $gateway ) ";
- $reply_to = " reply-to ( $interface $gateway ) ";
-
+ if((is_ipaddr($gateway)) && ($interface <> "")) {
+ $route_to = " route-to ( $interface $gateway ) ";
+ $reply_to = " reply-to ( $interface $gateway ) ";
+ }
$ifalias = convert_friendly_interface_to_friendly_descr($ifr);
$ipfrules .= "pass out on \${$ifalias} $route_to proto udp from any to {$remote_gateway} port = 500 keep state label \"IPsec: {$tunnel['descr']} - outbound isakmp\"\n";
$ipfrules .= "pass in on \${$ifalias} $reply_to proto udp from {$remote_gateway} to any port = 500 keep state label \"IPsec: {$tunnel['descr']} - inbound isakmp\"\n";
OpenPOWER on IntegriCloud