diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2007-07-05 20:38:57 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2007-07-05 20:38:57 +0000 |
| commit | 6f82a11f109cc993ab8df53fadc9763f95d353ec (patch) | |
| tree | 2e3ff54d266f66710e37f0b256084f0227dcc9ae /etc | |
| parent | 7f37926c7204477cc3e5935ee41ef2c9ea6d3c84 (diff) | |
| download | pfsense-6f82a11f109cc993ab8df53fadc9763f95d353ec.zip pfsense-6f82a11f109cc993ab8df53fadc9763f95d353ec.tar.gz | |
Do not use $iface as source or destination as it may be a member of a bridge without an ip address and pfctl will complain.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 697d137..8f796e3 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -331,10 +331,10 @@ function filter_generate_aliases() { $lan_aliases = " " . link_ip_to_carp_interface($lanip); $wan_aliases = " " . link_ip_to_carp_interface($wanip); -// if(link_int_to_bridge_interface("lan")) -// $lan_aliases .= " " . link_int_to_bridge_interface("lan"); -// if(link_int_to_bridge_interface("wan")) -// $wan_aliases .= " " . link_int_to_bridge_interface("wan"); + if(link_int_to_bridge_interface("lan")) + $lan_aliases .= " " . link_int_to_bridge_interface("lan"); + if(link_int_to_bridge_interface("wan")) + $wan_aliases .= " " . link_int_to_bridge_interface("wan"); $aliases .= "# System Aliases \n"; $aliases .= "loopback = \"{ lo0 }\"\n"; @@ -2826,15 +2826,15 @@ EOD; continue; if(!$remote_gateway) continue; - $ipfrules .= "pass out quick on \${$iface} proto udp from \${$iface} to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to \${$iface} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto udp from any to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to any port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n"; if ($tunnel['p2']['protocol'] == 'esp') { - $ipfrules .= "pass out quick on \${$iface} proto esp from \${$iface} to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound esp proto\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to \${$iface} keep state label \"IPSEC: {$tunnel['descr']} - inbound esp proto\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto esp from any to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound esp proto\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to any keep state label \"IPSEC: {$tunnel['descr']} - inbound esp proto\"\n"; } if ($tunnel['p2']['protocol'] == 'ah') { - $ipfrules .= "pass out quick on \${$iface} proto ah from \${$iface} to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound ah proto\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to \${$iface} keep state label \"IPSEC: {$tunnel['descr']} - inbound ah proto\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto ah from any to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound ah proto\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to any keep state label \"IPSEC: {$tunnel['descr']} - inbound ah proto\"\n"; } } } |
