summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorErmal Luci <eri@pfsense.org>2009-01-25 19:28:53 +0000
committerErmal Luci <eri@pfsense.org>2009-01-25 19:28:53 +0000
commit775ccea3128661220000fddeffe5496c8c4d4775 (patch)
treed3474a0c3bc4a23ed928e307b6bde248d7b42cbf /etc
parente09bd5be5fd91e902d0d88f7c650b9e0b46eaca8 (diff)
downloadpfsense-775ccea3128661220000fddeffe5496c8c4d4775.zip
pfsense-775ccea3128661220000fddeffe5496c8c4d4775.tar.gz
Add allow-opts filter rule option which is useful in multicast rule options.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc14
1 files changed, 8 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index fc3af04..7b190d4 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1612,12 +1612,14 @@ function generate_user_filter_rule($rule)
$aline['icmp-type'] = "icmp6-type {$rule['icmp6type']} ";
}
if ($type == "pass") {
- if (isset($rule['tag']) && $rule['tag'] <> "")
+ if (!empty($rule['tag']))
$aline['tag'] = " tag " .$rule['tag']. " ";
- if (isset($rule['tagged']) && $rule['tagged'] <> "")
+ if (!empty($rule['tagged']))
$aline['tagged'] = " tagged " .$rule['tagged'] . " ";
- if (isset($rule['dscp']) && $rule['dscp'] <> "")
+ if (!empty($rule['dscp']))
$aline['dscp'] = " dscp " . $rule['dscp'] . " ";
+ if (isset($rule['allowopts']))
+ $aline['allowopts'] = " allow-opts ";
if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
if($rule['protocol'] == "tcp")
$aline['flags'] = "flags S/SA ";
@@ -1745,14 +1747,14 @@ function generate_user_filter_rule($rule)
$vpns = " to <vpns> ";
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['prot'] .
$aline['src'] . $aline['srcport'] . $aline['os'] . $vpns . $aline['dstport'].
- $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['flags'].
+ $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['allowopts'] . $aline['flags'].
$aline['queue'] . $aline['dnpipe'] .
" label \"NEGATE_ROUTE: Negate policy route for local network(s)\"\n";
/* negate directly connected networks for load balancer/gateway rules */
$direct_networks = " to <direct_networks> ";
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['prot'] .
$aline['src'] . $aline['srcport'] . $aline['os'] . $direct_networks . $aline['dstport'].
- $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] .
+ $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['allowopts'] .
$aline['flags'] . $aline['queue'] . $aline['dnpipe'] .
" label \"NEGATE_ROUTE: Negate policy route for local network(s)\"\n";
}
@@ -1760,7 +1762,7 @@ function generate_user_filter_rule($rule)
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['reply'] .
$aline['route'] . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['os'] . $aline['dst'] .
$aline['dstport'] . $aline['divert'] . $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] .
- $aline['flags'] . $aline['queue'] . $aline['dnpipe'];
+ $aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'];
/* is a time based rule schedule attached? */
if(!empty($rule['sched'])) {
OpenPOWER on IntegriCloud