diff options
author | Ermal <eri@pfsense.org> | 2010-04-13 23:19:59 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-04-13 23:19:59 +0000 |
commit | c74804cd45599f85d1c70d499a2e3fecea3e2fff (patch) | |
tree | 32a840f6817508ed048950e284f3fd6495729dc6 /etc | |
parent | 52e952864906792ffd2a03fa630df6b4f17c0073 (diff) | |
download | pfsense-c74804cd45599f85d1c70d499a2e3fecea3e2fff.zip pfsense-c74804cd45599f85d1c70d499a2e3fecea3e2fff.tar.gz |
Add code to allow applications on pfSense itself that bind to a socket or want to source route traffic to work. This fixes DynDns on multi-wan as the simplest of it.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 48f8ba0..a143a31 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1878,6 +1878,14 @@ EOD; pass out all keep state allow-opts label "let out anything from firewall host itself" EOD; + foreach ($FilterIflist as $ifdescr => $ifcfg) { + if(isset($ifcfg['virtual'])) + continue; + $gw = get_interface_gateway($ifdescr); + if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip'])) + $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to any keep state allow-opts label \"let out anything from firewall host itself\"\n"; + } + /* add ipsec interfaces */ if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) |