author | Scott Ullrich <sullrich@pfsense.org> | 2007-07-05 20:39:10 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-07-05 20:39:10 +0000 |
commit | ad3e65b94054af795d99b9f391679f68a6f90853 (patch) | |
tree | e781d34822f563a552cb45a934ceb658bea67ccc /etc | |
parent | 96e4552697e28ea8d17fddb1947982a9798c98bf (diff) | |
Do not use $iface as source or destination as it may be a member of a bridge without an ip address and pfctl will complain.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 4b4c89e..a680bb9 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -331,10 +331,10 @@ function filter_generate_aliases() { $lan_aliases = " " . link_ip_to_carp_interface($lanip); $wan_aliases = " " . link_ip_to_carp_interface($wanip); -// if(link_int_to_bridge_interface("lan")) -// $lan_aliases .= " " . link_int_to_bridge_interface("lan"); -// if(link_int_to_bridge_interface("wan")) -// $wan_aliases .= " " . link_int_to_bridge_interface("wan"); + if(link_int_to_bridge_interface("lan")) + $lan_aliases .= " " . link_int_to_bridge_interface("lan"); + if(link_int_to_bridge_interface("wan")) + $wan_aliases .= " " . link_int_to_bridge_interface("wan"); $aliases .= "# System Aliases \n"; $aliases .= "loopback = \"{ lo0 }\"\n"; 
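Review bot: The re-enabled bridge block in filter_generate_aliases() calls `link_int_to_bridge_interface()` twice per interface, once for the test and once for the value, and the commit message does not say why code that had been commented out is switched back on. Storing the result once reads better and avoids the repeated lookup, e.g. `$lan_bridge = link_int_to_bridge_interface("lan");` followed by `if($lan_bridge) $lan_aliases .= " " . $lan_bridge;`, and the same for "wan". A one-line comment above the block should record that bridge members are added to the lan/wan alias lists on purpose, since these lists presumably feed the generated ruleset. The function body continues outside the hunk, so how `$lan_aliases` and `$wan_aliases` are consumed is not visible here.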
@@ -2808,14 +2808,14 @@ EOD; if(!$remote_gateway) continue; $ipfrules .= "pass out quick on \${$iface} proto udp from \${$iface} to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to \${$iface} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to any port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n"; if ($tunnel['p2']['protocol'] == 'esp') { - $ipfrules .= "pass out quick on \${$iface} proto esp from \${$iface} to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound esp proto\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to \${$iface} keep state label \"IPSEC: {$tunnel['descr']} - inbound esp proto\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto esp from any to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound esp proto\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to any keep state label \"IPSEC: {$tunnel['descr']} - inbound esp proto\"\n"; } if ($tunnel['p2']['protocol'] == 'ah') { - $ipfrules .= "pass out quick on \${$iface} proto ah from \${$iface} to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound ah proto\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to \${$iface} keep state label \"IPSEC: {$tunnel['descr']} - inbound ah proto\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto ah from any to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound ah proto\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to any keep state label \"IPSEC: {$tunnel['descr']} - inbound ah proto\"\n"; } } } |
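Review bot: The outbound isakmp rule at the top of this hunk (the unchanged `pass out quick on \${$iface} proto udp from \${$iface} to {$remote_gateway} port = 500` line) still uses the interface macro as its source, so the pfctl complaint described in the commit message would presumably remain for a bridge member without an address; it should follow the esp/ah rules and read `... proto udp from any to {$remote_gateway} port = 500 ...`. The inbound rules now say `to any` together with `quick`, so UDP 500, ESP and AH from the remote gateway are passed to every destination reachable through this interface, not only to the firewall itself, and no later rule gets to narrow that. A comment above the block should state the widening and why it is accepted, for example `// "any" instead of the interface address: bridge members may have no IP; this also admits IPsec traffic from the peer to hosts behind the firewall`. The enclosing loop and function start and end outside the hunk.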