diff options
| author | Charlie <root@pfsense.local> | 2009-09-16 08:34:50 +0500 |
|---|---|---|
| committer | Charlie <root@pfsense.local> | 2009-09-16 08:34:50 +0500 |
| commit | 2afbe080414578d9cd0fba7efd9c6b38f7750a9f (patch) | |
| tree | a17d060fa6869015ed2ce799383c95ffddccd234 /etc | |
| parent | 68f452a84e81a4ec9976da19c0c8c319c86baff1 (diff) | |
| download | pfsense-2afbe080414578d9cd0fba7efd9c6b38f7750a9f.zip pfsense-2afbe080414578d9cd0fba7efd9c6b38f7750a9f.tar.gz | |
Add allow-opts at Upstream igmpproxy interface if the package is present
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f783255..1430a65 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1734,6 +1734,27 @@ pass in on \$loopback all label "pass loopback" pass out on \$loopback all label "pass loopback" anchor "firewallout" + +EOD; + + /* find out igmpproxy upstream interface name if igmpproxy installed/configured */ + if (is_array($config['installedpackages']['igmpproxy']['config'])){ + $igmp_upstr_int_real_name = ""; + $igmp_cfg =& $config['installedpackages']['igmpproxy']['config']; + foreach($igmp_cfg as $igmp_int){ + if ($igmp_int['igmptype'] == 'upstream') + $igmp_upstr_int_real_name = $config['interfaces'][$igmp_int['igmpname']]['if']; + } + if ($igmp_upstr_int_real_name != ""){ + $ipfrules .= <<<EOD +# let out IGMP with IP-options +pass out on $igmp_upstr_int_real_name all allow-opts keep state label "let out with IP-options on IGMP Upstream interface" + +EOD; + + } + } + $ipfrules .= <<<EOD # let out anything from the firewall host itself and decrypted IPsec traffic pass out all keep state label "let out anything from firewall host itself" |
