Ticket #528. Do not route-to for local connected subnets.

1 files changed, 2 insertions, 2 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e8a7631..87f498b 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1897,7 +1897,7 @@ EOD;
                         continue;
 		$gw = get_interface_gateway($ifdescr);
 		if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip']))
-                	$ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to any keep state allow-opts label \"let out anything from firewall host itself\"\n";
+                	$ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
         }
 
 
@@ -2472,4 +2472,4 @@ function discover_pkg_rules($ruletype) {
 	return $rules;
 }
 
-?>
\ No newline at end of file
+?>