diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-03-12 11:37:31 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-03-12 11:37:31 -0300 |
commit | a1f735b31c8f7f0cca0ebc5a7153cd06cdf4482e (patch) | |
tree | 4fcb8a1ed240ce4e3c2460ab7fe7af1eb1297ee6 /etc | |
parent | 4f537e9396fe427e350e57f7290bde26ca2dcbac (diff) | |
download | pfsense-a1f735b31c8f7f0cca0ebc5a7153cd06cdf4482e.zip pfsense-a1f735b31c8f7f0cca0ebc5a7153cd06cdf4482e.tar.gz |
Do not route do default gw when rule gw is down
- Add a new advanced misc option to change the behaviour
- When it is set and rule has its own gateway, that is down, just
disable the rule instead of routing it to default gw
Fixes #2858
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 70aef9f..ad0ec33 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -653,7 +653,10 @@ function filter_generate_gateways() { $gwip = get_interface_gateway($gateway['friendlyiface']); if (is_ipaddr($gwip) && !empty($int)) $route = "route-to ( {$int} {$gwip} )"; - $rules .= "GW{$gwname} = \" {$route} \"\n"; + if (($route === "") && isset($config['system']['skip_rules_gw_down'])) + unset($GatewaysList[$gwname]); + else + $rules .= "GW{$gwname} = \" {$route} \"\n"; } } @@ -689,7 +692,10 @@ function filter_generate_gateways() { } } } - $rules .= "GW{$gateway} = \" {$route} \"\n"; + if (($route === "") && isset($config['system']['skip_rules_gw_down'])) + unset($GatewayGroupsList[$gateway]); + else + $rules .= "GW{$gateway} = \" {$route} \"\n"; } } @@ -2162,6 +2168,8 @@ function filter_generate_user_rule($rule) { if (isset($GatewaysList[$rule['gateway']])) /* Add the load balanced gateways */ $aline['route'] = " \$GW{$rule['gateway']} "; + else if (isset($config['system']['skip_rules_gw_down'])) + return "# rule " . $rule['descr'] . " disabled because gateway " . $rule['gateway'] . " is down "; else log_error("The gateway: {$rule['gateway']} is invalid or unknown, not using it."); } |