author | Scott Ullrich <sullrich@pfsense.org> | 2007-02-08 22:03:22 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-02-08 22:03:22 +0000 |
commit | 0feec714b9b899d6092cd9cf1d9b7d6c4b1fe3f8 (patch) | |
tree | cc2fa2833d4bfbb4ae58fabd5a8347feb13cb7d3 /etc | |
parent | 1ad0ed7e1128699aa930c2786c0a292e4ae75c50 (diff) | |
Backport IPSEC filtering to 1.0.1.
Requested and will be tested by Seth
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a7d1863..9f7d108 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -288,6 +288,8 @@ function filter_generate_aliases() {
 $aliases .= "wan = \"{ " . get_real_wan_interface() . "{$wan_aliases} }\"\n";
 }
+ $aliases .= "enc0 = \"{ enc0 }\"\n";
+
 /* used to count netgraph interfaces */
 $counter = 0;
@@ -2719,6 +2721,9 @@ function create_firewall_outgoing_rules_to_itself() {
 }
 }
+ /* permit internal ipsec outbound traffic */
+ $rule .="pass out quick on \$enc0 label \"IPSEC internal host to host\"";
+
 return $rule;
 }
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 5f43740..bc6fa21 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -97,6 +97,9 @@ function find_last_gif_device() {
 function vpn_ipsec_configure($ipchg = false) {
 global $config, $g, $sa, $sn;
+ mwexec("/sbin/ifconfig enc0 create");
+ mwexec("/sbin/ifconfig enc0 up");
+
 /* get the automatic /etc/ping_hosts.sh ready */
 unlink_if_exists("/var/db/ipsecpinghosts");
 touch("/var/db/ipsecpinghosts"); |
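Review bot: The rule added in create_firewall_outgoing_rules_to_itself() passes everything leaving enc0: `pass out quick on \$enc0` has no source, destination or protocol and uses `quick`, which is wider than its label "IPSEC internal host to host" and the function's name suggest, so it would appear to match any packet sent out through the tunnel interface rather than only traffic from the firewall itself. The string also lacks a trailing `\n`, unlike the alias line added in filter_generate_aliases(), so if the caller appends further rules to the returned `$rule` they would end up on the same line; ending it with `host to host\"\n";` avoids that. Both this rule and the `enc0` macro from the first hunk are emitted whether or not IPsec is enabled, so gating them on the IPsec configuration would leave the ruleset unchanged on systems that do not use it. The function body starts outside the hunk, so how the earlier rules are scoped cannot be checked from here.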
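Review bot: Both `mwexec()` calls added at the top of vpn_ipsec_configure() discard their result, so a kernel without the enc device, or a failed `ifconfig enc0 up`, goes unnoticed while the filter rules from this commit still refer to enc0. They also run on every call, before anything visible in the hunk checks whether IPsec is enabled, so `ifconfig enc0 create` will presumably be re-run against an interface that already exists on each reconfigure. Consider creating the interface only when IPsec is enabled and enc0 is not already present, and logging a non-zero return from `mwexec()`. The function body continues outside the hunk, so an enable check further down cannot be ruled out.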