diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-10-29 19:40:39 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-10-29 19:40:39 +0000 |
commit | fc19005f9b7ca8648cae2c820426fd6413f13086 (patch) | |
tree | a1b14eae08873ec6d1e51ff3b2413dcac87433d6 /etc/inc | |
parent | f315165a6daf52b56c12965d389041d1e210c3ed (diff) | |
download | pfsense-fc19005f9b7ca8648cae2c820426fd6413f13086.zip pfsense-fc19005f9b7ca8648cae2c820426fd6413f13086.tar.gz |
MFC 7235
Do not install anti-spoof rules if user has disabled.
Huge-pointy-hat-to: Me
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 1526948..bad73e0 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2,8 +2,8 @@ /* $Id$ */ /* filter.inc - Copyright (C) 2004 Scott Ullrich - Copyright (C) 2005 Bill Marquette + Copyright (C) 2004,2005 Scott Ullrich + Copyright (C) 2005 Bill Marquette All rights reserved. originally part of m0n0wall (http://m0n0.ch/wall) @@ -1367,14 +1367,16 @@ EOD; /* install wan spoof check rule if lan address exists */ if($lansa) { - - $ipfrules .= <<<EOD + if(!isset($config['interfaces']['wan']['spoofmac'])) { + $ipfrules .= <<<EOD # WAN spoof check anchor "wanspoof" block in $log quick on $wanif from $lansa/$lansn to any label "WAN spoof check" EOD; + + } } foreach ($optcfg as $oc) { @@ -2035,4 +2037,4 @@ function return_vpn_subnet($adr) { return " # error - {$adr['network']} "; } -?> +?>
\ No newline at end of file |