author | jim-p <jimp@pfsense.org> | 2011-02-16 12:15:37 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-02-16 12:15:37 -0500 |
commit | 72377228a61220f1dbe62afb81e0dc7757868ea5 (patch) | |
tree | 34c79d5cd9723f2b96bc6cd302a1bc7a9c6bc4de /etc | |
parent | 3e8b3cccab55f02be654ba342ac9d0e02c719d78 (diff) | |
Add automatic rules to pass DHCP failover traffic if a failover peer is defined. See http://forum.pfsense.org/index.php/topic,32731.msg172839.html#msg172839
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index b786d96..b49de6b 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2171,6 +2171,15 @@ pass in on \${$oc['descr']} proto udp from any port = 68 to {$oc['ip']} port = 6
 pass out on \${$oc['descr']} proto udp from {$oc['ip']} port = 67 to any port = 68 label "allow access to DHCP server"
 EOD;
+ if($config['dhcpd'][$on]['failover_peerip'] <> "") {
+ $ipfrules .= <<<EOD
+# allow access to DHCP failover on {$oc['descr']} from {$config['dhcpd'][$on]['failover_peerip']}
+pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover"
+pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover"
+
+EOD;
+ }
+
 }
 break;
 }
|
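Review bot: The two added rules pass only `proto udp` to ports 519 and 520, but ISC dhcpd's failover channel is a TCP connection (dhcpd.conf(5) describes the failover `port` as a TCP port), so as written they would probably not admit the peer traffic the commit message is about; `proto tcp` or `proto { tcp udp }` on both lines looks like what is wanted. The `<> ""` guard also lets any non-empty string from the configuration be interpolated as the source address in the generated pf ruleset; `if (is_ipaddr($config['dhcpd'][$on]['failover_peerip'])) {` would keep a malformed value from breaking the ruleset load or adding unintended rule text. The enclosing loop and switch start and end outside the hunk, so whether the value is already validated when it is saved is not visible here.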