* Ensure user rules are marked as a direction of IN

* Make sure rule has keep state if its selected
* Make sure logging is setup on ALL interfaces

1 files changed, 21 insertions, 7 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index b2f00f1..cb15360 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -88,7 +88,9 @@ function filter_configure() {
 
         $fd = fopen("/tmp/rules.debug", "w");
 	$rules = $aliases . " \n";
-	$rules.= "set loginterface $wanif \n";
+
+	$rules .= setup_logging_interfaces();
+
 	$optimization = "normal";
 	if($config['system']['optimization'] <> "") $optimization = $config['system']['optimization'];
         $rules.= "set optimization " . $optimization . "\n";
@@ -1257,11 +1259,8 @@ EOD;
 				$line = $type;
 			}
 
-			if(isset($rule['direction']) && $rule['direction'] <> "") {
-				$line .= "in ";
-			} else {
-				$line .= $rule['direction'] . " ";
-			}
+			/* ensure the direction is in */
+			$line .= " in ";
 
 			if (isset($rule['log']))
 				$line .= "log ";
@@ -1441,7 +1440,7 @@ EOD;
 						do not use state mechanisms to keep track. this is only useful if your doing advanced
 						queueing in certain situations. please check the faq.
 				*/
-				if( !isset($rule['statetype'] ) ) {
+				if(!isset($rule['statetype']) && $rule['statetype'] != "") {
 					$line .= "keep state ";
 				} else {
 					if($rule['statetype'] == "modulate state" or $rule['statetype'] == "synproxy state") {
@@ -1553,4 +1552,19 @@ function filter_rules_spoofcheck_generate($ifname, $if, $sa, $sn, $log) {
 
 }
 
+function setup_logging_interfaces() {
+	global $config;
+	$rules = "";
+	$i = 0;
+	$ifdescrs = array('wan', 'lan');
+	for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+		$ifdescrs['opt' . $j] = "opt" . $j;
+	}
+	foreach ($ifdescrs as $ifdescr => $ifname) {
+	    $int = filter_translate_type_to_real_interface($ifname);
+	    $rules.= "set loginterface {$int} \n";
+	}
+	return $rules;
+}
+
 ?>
\ No newline at end of file