summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2015-10-14 01:25:22 -0500
committerChris Buechler <cmb@pfsense.org>2015-10-14 01:25:22 -0500
commit594473698158b8fc8830fa2e8fc6ce3959bde81d (patch)
tree1b79f82852a227e2149bf944d47150a67cdef387 /etc
parent6f4c051cb8a6b9d3b897909e5c1f59be7e92edd1 (diff)
downloadpfsense-594473698158b8fc8830fa2e8fc6ce3959bde81d.zip
pfsense-594473698158b8fc8830fa2e8fc6ce3959bde81d.tar.gz
Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc13
1 files changed, 13 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 701fbbd..b23b75a 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -3117,6 +3117,19 @@ EOD;
}
}
+ /* allow access to DHCP relay on interfaces */
+ if(isset($config['dhcrelay']['enable'])) {
+ $dhcifaces = explode(",", $dhcrelaycfg['interface']);
+ foreach ($dhcifaces as $dhcrelayif) {
+ if ($dhcrelayif = $on) {
+ $ipfrules .= <<<EOD
+# allow access to DHCP relay on {$oc['descr']}
+pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 68 to 255.255.255.255 port = 67 tracker {$increment_tracker($tracker)} label "allow access to DHCP relay"
+
+EOD;
+ }
+ }
+ }
break;
}
OpenPOWER on IntegriCloud