diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2005-08-02 22:11:22 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2005-08-02 22:11:22 +0000 |
| commit | 49c30bd730a176e882bc32264cad9fac52123bce (patch) | |
| tree | 00c150b38c32f8dc36fafd583eda2273e3e1b402 /etc | |
| parent | ac671944e5bf99e2664714a89aeffef5964eb565 (diff) | |
| download | pfsense-49c30bd730a176e882bc32264cad9fac52123bce.zip pfsense-49c30bd730a176e882bc32264cad9fac52123bce.tar.gz | |
Avoid breaking the filter rules when in lan bridging mode by defaulting to 192.168.1.1
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 6a064b1..3aba89d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1581,6 +1581,11 @@ function filter_rules_generate() { $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); $lansn = $lancfg['subnet']; + if($lansa) + $lansa_sn_combo = "{$lansa}/{$lansn}"; + else + $lansa_sn_combo = "192.168.1.1/32"; + /* optional interfaces */ $optcfg = array(); generate_optcfg_array($optcfg); @@ -1757,7 +1762,7 @@ EOD; # (not possible at the moment - need 'me' like in ipfw) anchor "wandhcp" pass out quick on $wanif proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan" -block in $log quick on $wanif proto udp from any port = 67 to $lansa/$lansn port = 68 label "allow dhcp client out wan" +block in $log quick on $wanif proto udp from any port = 67 to {$lansa_sn_combo} port = 68 label "allow dhcp client out wan" pass in quick on $wanif proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan" # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses) |
