diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2006-01-19 00:15:20 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2006-01-19 00:15:20 +0000 |
| commit | 61438a1e2cee7388de7a2fceb014fcedbfe2eeb6 (patch) | |
| tree | 9fad17683785ecef1fcb1ac27986fca6ee58fef1 /etc | |
| parent | 6f703733b679c23843d3d13c7616b0d0bf63ac33 (diff) | |
| download | pfsense-61438a1e2cee7388de7a2fceb014fcedbfe2eeb6.zip pfsense-61438a1e2cee7388de7a2fceb014fcedbfe2eeb6.tar.gz | |
Fix XXX. Do not allow DHCP out WAN if interface is not selected for DHCP.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 4a8f9a8..f631135 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1520,15 +1520,16 @@ pass out quick on {$wancfg['if']} proto tcp from any to any port = 1723 flags S/ EOD; } - $ipfrules .= <<<EOD + if ($wancfg['ipaddr'] == "dhcp") { + + $ipfrules .= <<<EOD # allow our DHCP client out to the WAN -# XXX - should be more restrictive -# (not possible at the moment - need 'me' like in ipfw) anchor "wandhcp" pass out quick on $wanif proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan" EOD; + } if($config['interfaces']['lan']['bridge'] <> "wan" and $config['interfaces']['wan']['bridge'] <> "lan") $ipfrules .= "block in $log quick on $wanif proto udp from any port = 67 to {$lansa_sn_combo} port = 68 label \"allow dhcp client out wan\"\n"; |
