diff options
| author | smos <seth.mos@dds.nl> | 2011-08-15 20:07:04 +0200 |
|---|---|---|
| committer | smos <seth.mos@dds.nl> | 2011-08-15 20:07:04 +0200 |
| commit | 52a1f701db9bf5f3e2b99c93f1f05131e3791d08 (patch) | |
| tree | 49c6ee5e7f2513c24bb3f41e30c81ea2bbfe6335 /etc | |
| parent | 460082ce6035bfa4e9afadb974b27de3768bf45b (diff) | |
| download | pfsense-52a1f701db9bf5f3e2b99c93f1f05131e3791d08.zip pfsense-52a1f701db9bf5f3e2b99c93f1f05131e3791d08.tar.gz | |
Fix broken static route bypass rules
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 125238f..113df08 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2571,17 +2571,17 @@ EOD; * topologies */ if(isset($config['filter']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) { + $ipfrules .= "# Add rules to bypass firewall rules for static routes\n": foreach ($config['staticroutes']['route'] as $route) { $friendly = $GatewaysList[$route['gateway']]['friendlyiface']; if(is_array($FilterIflist[$friendly])) { $oc = $FilterIflist[$friendly]; - if(is_ipaddrv4($route['network'])) { - if($oc['ip']) { - $sa = $oc['sa']; - $sn = $oc['sn']; - $if = $oc['if']; - } - if($sa) { + if($oc['ip']) { + $sa = $oc['sa']; + $sn = $oc['sn']; + $if = $oc['if']; + } + if($sa) { $ipfrules .= <<<EOD pass quick on \${$oc['descr']} proto tcp from {$sa}/{$sn} to {$route['network']} flags any keep state(sloppy) label "pass traffic between statically routed subnets" pass quick on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} keep state(sloppy) label "pass traffic between statically routed subnets" @@ -2591,13 +2591,12 @@ pass quick on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} keep stat EOD; } } - if(is_ipaddrv6($route['network'])) { - if($oc['ipv6']) { - $sa = $oc['sav6']; - $sn = $oc['snv6']; - $if = $oc['if']; - } - if($sa) { + if($oc['ipv6']) { + $sa = $oc['sav6']; + $sn = $oc['snv6']; + $if = $oc['if']; + } + if($sa) { $ipfrules .= <<<EOD pass quick on \${$oc['descr']} inet6 proto tcp from {$sa}/{$sn} to {$route['network']} flags any keep state(sloppy) label "pass traffic between statically routed subnets" pass quick on \${$oc['descr']} inet6 from {$sa}/{$sn} to {$route['network']} keep state(sloppy) label "pass traffic between statically routed subnets" |
