author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-19 19:03:45 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-19 19:03:45 +0000 |
commit | 1001762c2d5a83ed97c067ee4804a17be8b2c1ec (patch) | |
tree | 9cd80dbf535951a6bcf3da233e738d08caf430e0 /etc | |
parent | 1828ab3a4b6dd75aad875b139203b2008c8652c8 (diff) | |
Ensure outgoing traffic adheres to the gateway for optional interfaces
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 78eba51..fd5cd31 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1666,17 +1666,22 @@ function create_firewall_outgoing_rules_to_itself() { for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) $ifdescrs['opt' . $j] = "opt" . $j; foreach ($ifdescrs as $ifdescr => $ifname) { + $return_gateway = $config['interfaces'][$ifname]['gateway']; $int = filter_translate_type_to_real_interface($ifname); if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe") $int = "ng0"; $ip = find_interface_ip($int); + if($return_gateway <> "") + $replyto = "reply-to ({$int} {$return_gateway} "; + else + $replyto = " "; if($ip <> "") { - $rule .="pass out quick on {$int} inet from any to any keep state\n"; + $rule .="pass out quick on {$int} {$replyto}inet from any to any keep state\n"; /* XXX - billm: temp fix for pppoe, needs better fix */ if($config['interfaces'][$ifname]['ipaddr'] != "") - $rule .="pass out quick on {$int} inet from {$int} to any keep state\n"; + $rule .="pass out quick on {$int} {$replyto} inet from {$int} to any keep state\n"; else - $rule .="pass out quick on {$int} inet from ({$int}) to any keep state\n"; + $rule .="pass out quick on {$int} {$replyto} inet from ({$int}) to any keep state\n"; } } |
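Review bot: The added `$replyto` string opens a parenthesis that is never closed (`"reply-to ({$int} {$return_gateway} "`), so every rule emitted for an interface with a gateway is malformed pf syntax and the generated ruleset will most likely fail to load; it should read `$replyto = "reply-to ({$int} {$return_gateway}) ";`. The gateway value is also read from `$config` and interpolated into the rule text unchecked, so it is worth confirming it is a valid IP address first and falling back to the empty `$replyto` otherwise. Separately, pf documents `reply-to` as acting on packets that flow opposite to the state-creating packet, so on these `pass out` rules it may not steer the outgoing traffic the commit message describes; `route-to` looks like the intended keyword and should be checked against pf.conf(5). The body of create_firewall_outgoing_rules_to_itself() extends beyond this hunk on both sides.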