diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2005-11-10 20:57:21 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2005-11-10 20:57:21 +0000 |
| commit | fb76d927aae91a4b35d146c6006df23820c02433 (patch) | |
| tree | 8fde23f9d32cb2e705d60cf80879e6230113eb1b /etc | |
| parent | 3c2b10ada0d3d377cd8aab930261b31fe258bcbc (diff) | |
| download | pfsense-fb76d927aae91a4b35d146c6006df23820c02433.zip pfsense-fb76d927aae91a4b35d146c6006df23820c02433.tar.gz | |
MFC 7501
Do not install rules on lan when bridging that refuses to allow pass through dhcp
Ticket #674
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 37f41f5..759e698 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1423,7 +1423,14 @@ EOD; # (not possible at the moment - need 'me' like in ipfw) anchor "wandhcp" pass out quick on $wanif proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan" -block in $log quick on $wanif proto udp from any port = 67 to {$lansa_sn_combo} port = 68 label "allow dhcp client out wan" + +EOD; + +if($config['interfaces']['lan']['bridge'] <> "wan") + echo "block in $log quick on $wanif proto udp from any port = 67 to {$lansa_sn_combo} port = 68 label \"allow dhcp client out wan\"\n"; + + $ipfrules .= <<<EOD + pass in quick on $wanif proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan" # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses) |
