diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-03 16:14:29 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-03 16:14:29 +0000 |
commit | 9886adc89bf0f1ec96b5e0c154f1d6c36e34ec57 (patch) | |
tree | e04422d6c712b319466b6eb6243548a9a7656ecf /etc/inc | |
parent | b19906403b921c418b35a28913a9078efd034129 (diff) | |
download | pfsense-9886adc89bf0f1ec96b5e0c154f1d6c36e34ec57.zip pfsense-9886adc89bf0f1ec96b5e0c154f1d6c36e34ec57.tar.gz |
Do not setup an outgoing rule if an interface lacks an ip address.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index cee2ef3..06d9c73 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1620,17 +1620,19 @@ function create_firewall_outgoing_rules_to_itself() { $rule .= "# pass traffic from firewall -> out\n"; $rule .= "anchor \"firewallout\"\n"; $ifdescrs = array('wan', 'lan'); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) $ifdescrs['opt' . $j] = "opt" . $j; - } foreach ($ifdescrs as $ifdescr => $ifname) { $int = filter_translate_type_to_real_interface($ifname); - $rule .="pass out quick on {$int} inet from any to any keep state\n"; - /* XXX - billm: temp fix for pppoe, needs better fix */ if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe") $int = "ng0"; - if($config['interfaces'][$ifname]['ipaddr'] != "") - $rule .="pass out quick on {$int} inet from {$int} to any keep state\n"; + $ip = find_interface_ip($int); + if($ip <> "") { + $rule .="pass out quick on {$int} inet from any to any keep state\n"; + /* XXX - billm: temp fix for pppoe, needs better fix */ + if($config['interfaces'][$ifname]['ipaddr'] != "") + $rule .="pass out quick on {$int} inet from {$int} to any keep state\n"; + } } return $rule; } |