author | Scott Ullrich <sullrich@pfsense.org> | 2005-07-05 22:07:28 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-07-05 22:07:28 +0000 |
commit | 4785b3ce903e7bcaf46722f8fd8a257ae22dbb3e (patch) | |
tree | e654a1f911ca312feef9aeadeadec410512630cf /etc/inc/filter.inc | |
parent | b477ecbc3e7630576fee17b21037089b168d508e (diff) | |
download | pfsense-4785b3ce903e7bcaf46722f8fd8a257ae22dbb3e.zip pfsense-4785b3ce903e7bcaf46722f8fd8a257ae22dbb3e.tar.gz |
Turn off internal vpn rule for now
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a402a5c..ad9d391 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1896,6 +1896,8 @@ EOD;
 if(is_array($config['ipsec']['tunnel'])) {
 foreach ($config['ipsec']['tunnel'] as $tunnel) {
 $remote_gateway = $tunnel['remote-gateway'];
+ address_to_pconfig_vpn($tunnel['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']);
+ $local_subnet = $pconfig['localnet'] . "/" . $pconfig['localnetmask'];
 $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 keep state label \"IPSEC: ". $tunnel['descr'] ." udp\"\n";
 $ipfrules .= "pass quick on " . $wanif . " proto udp from " . $remote_gateway . " to " . $ipsec_ip . " port = 500 keep state label \"". $tunnel['descr'] ." udp\"\n";
@@ -1905,8 +1907,8 @@ EOD;
 $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $ipsec_ip . " to " . $remote_gateway . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
 $ipfrules .= "pass quick on " . $wanif . " proto ah from " . $remote_gateway . " to " . $ipsec_ip . " keep state label \"IPSEC: ". $tunnel['descr'] ." ah proto\"\n";
- $ipfrules .= "pass quick on " . $lanif . " from " . $tunnel['remote-subnet'] . " to " . $tunnel['local-subnet']['address'] . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n";
- $ipfrules .= "pass quick on " . $lanif . " from " . $tunnel['local-subnet']['address'] . " to " . $tunnel['remote-subnet'] . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n";
+ //$ipfrules .= "pass quick on " . $lanif . " from " . $tunnel['remote-subnet'] . " to " . $local_subnet . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n";
+ //$ipfrules .= "pass quick on " . $lanif . " from " . $local_subnet . " to " . $tunnel['remote-subnet'] . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n";
 }
 }
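Review bot: `$local_subnet` is assembled unconditionally from two by-reference outputs that `address_to_pconfig_vpn()` does not always write. At the two added lines, a tunnel whose `local-subnet` uses the `network` key gets an address with an empty mask, or inherits `$pconfig['localnetmask']` from the previous loop iteration. The value is unused while the LAN rules in the next hunk stay commented out, but restoring them would put it straight into the ruleset text. Clear both slots before the call, `$pconfig['localnet'] = $pconfig['localnetmask'] = "";`, and build the LAN rules only when both come back non-empty. The enclosing function starts and ends outside this hunk, so whether `$pconfig` is used elsewhere in it is not visible here.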
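Review bot: The two LAN pass rules in the second hunk are disabled by commenting them out with nothing next to them saying why, so a later reader cannot tell a temporary workaround from a policy decision. These lines decide whether traffic between the local and remote IPsec subnets is passed on `$lanif` by this generated block, so record the reason and the condition for restoring them. For example, `/* internal VPN pass rules disabled for now; these lines no longer pass traffic between the tunnel subnets on $lanif */`. When they are restored, `$tunnel['remote-subnet']` and `$local_subnet` should be checked as well-formed subnets before being concatenated into a rule, since both come from configuration data.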
@@ -2088,4 +2090,24 @@ function carp_sync_client() {
 }
+function address_to_pconfig_vpn($adr, &$padr, &$pmask) {
+
+ if ($adr['network'])
+ $padr = $adr['network'];
+ else if ($adr['address']) {
+ list($padr, $pmask) = explode("/", $adr['address']);
+ if (is_null($pmask))
+ $pmask = 32;
+ }
+
+ /* XXX: do not return wan, lan, etc */
+ if(strstr($padr, "wan") or strstr($padr, "lan") or strstr($padr, "opt")) {
+ $padr = convert_friendly_interface_to_real_interface_name($padr);
+ $padr = find_interface_ip($padr);
+ }
+
+
+
+}
+
 ?>
\ No newline at end of file |
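Review bot: `address_to_pconfig_vpn()` leaves `$pmask` untouched in the `network` branch and leaves both outputs untouched when neither key is set, so the caller cannot tell a resolved subnet from stale or missing data. The `strstr()` test is also a substring match: any address text containing "wan", "lan" or "opt" is sent through the interface lookup, not only the interface names it appears to be aimed at. Reset both outputs on entry, split the address with an explicit limit instead of `list()` over a possibly one-element array, and match the names exactly. The `opt[0-9]+` pattern below assumes optional interfaces are named optN, which should be confirmed. A mask for the `network` case still has to come from the interface configuration, which is not visible in this diff, so callers should treat a null `$pmask` as "do not emit a rule".

```php
function address_to_pconfig_vpn($adr, &$padr, &$pmask) {
	/* start from a known state so values from a previous tunnel cannot carry over */
	$padr = null;
	$pmask = null;

	// … unchanged: 'network' branch …
	else if ($adr['address']) {
		$parts = explode("/", $adr['address'], 2);
		$padr = $parts[0];
		$pmask = isset($parts[1]) ? $parts[1] : 32;
	}

	/* match interface names exactly rather than by substring */
	if (preg_match('/^(wan|lan|opt[0-9]+)$/', $padr)) {
		// … unchanged: interface name to address lookup …
	}
}
```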