diff options
author | Renato Botelho <garga@pfSense.org> | 2013-07-19 05:58:55 -0700 |
---|---|---|
committer | Renato Botelho <garga@pfSense.org> | 2013-07-19 05:58:55 -0700 |
commit | 04498edb46a80e258073c159a72bfd69a457ed6e (patch) | |
tree | 0c451ecb896bb6e1429bf412334a07301beae8e7 /etc | |
parent | 7523c8e946de30c63f9b8f57bd5e91cb0617a9f1 (diff) | |
parent | 7f76f2df358b173f45b6968abde618d300bf54ff (diff) | |
download | pfsense-04498edb46a80e258073c159a72bfd69a457ed6e.zip pfsense-04498edb46a80e258073c159a72bfd69a457ed6e.tar.gz |
Merge pull request #714 from phil-davis/master
Minimize inclusion of bogonsv6
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 23ef0d9..ba2dfa0 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -58,6 +58,21 @@ $filterdns = array(); /* Used for aliases and interface macros */ $aliases = ""; +function is_bogonsv6_used() { + global $config, $g; + # Only use bogonsv6 table if IPv6 Allow is on, and at least 1 enabled interface also has "blockbogons" enabled. + $usebogonsv6 = false; + if (isset($config['system']['ipv6allow'])) { + foreach ($config['interfaces'] as $ifacedata) { + if(isset($ifacedata['enable']) && isset($ifacedata['blockbogons'])) { + $usebogonsv6 = true; + break; + } + } + } + return $usebogonsv6; +} + function flowtable_configure() { global $config, $g; @@ -326,8 +341,8 @@ function filter_configure_sync($delete_states_if_needed = true) { } } - # If allow IPv6 has been unchecked then we can remove any bogonsv6 table (if the table is not there, the kill is still fine). - if (!isset($config['system']['ipv6allow'])) + # If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine). + if (!is_bogonsv6_used()) $_grbg = exec("/sbin/pfctl -t bogonsv6 -T kill"); update_filter_reload_status(gettext("Starting up layer7 daemon")); @@ -565,7 +580,7 @@ function filter_generate_aliases() { if (!file_exists("/etc/bogonsv6")) @file_put_contents("/etc/bogonsv6", ""); $aliases .= "table <bogons> persist file \"/etc/bogons\"\n"; - if (isset($config['system']['ipv6allow'])) + if (is_bogonsv6_used()) $aliases .= "table <bogonsv6> persist file \"/etc/bogonsv6\"\n"; $vpns_list = filter_get_vpns_list(); |