author | Chris Buechler <cmb@pfsense.org> | 2015-10-14 01:37:12 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-10-14 01:37:12 -0500 |
commit | 1ab880ef232ee94d08700f3ca3717ad69fcdb247 (patch) | |
tree | 8c9af260a05c8800ec97771d4945af11e178b01b /src/etc/inc | |
parent | 66999e391c6f212c8133cb0e491eb6fd0df43f56 (diff) | |
Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558
Diffstat (limited to 'src/etc/inc')
-rw-r--r-- | src/etc/inc/filter.inc | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 18cae55..95d5d1b 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -3333,6 +3333,19 @@ EOD; } } + /* allow access to DHCP relay on interfaces */ + if(isset($config['dhcrelay']['enable'])) { + $dhcifaces = explode(",", $dhcrelaycfg['interface']); + foreach ($dhcifaces as $dhcrelayif) { + if ($dhcrelayif = $on) { + $ipfrules .= <<<EOD +# allow access to DHCP relay on {$oc['descr']} +pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 68 to 255.255.255.255 port = 67 tracker {$increment_tracker($tracker)} label "allow access to DHCP relay" + +EOD; + } + } + } break; } |
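Review bot: The condition `if ($dhcrelayif = $on)` inside the `foreach` assigns instead of comparing, so it is true whenever `$on` is non-empty and the pass rule for `$oc['descr']` is emitted once per entry in `$dhcifaces`, regardless of whether that interface is one of the relay interfaces. It should read `if ($dhcrelayif == $on)`. As written, UDP from port 68 to 255.255.255.255 port 67 is passed on interfaces where the relay is not configured, and the rule is duplicated when several relay interfaces are listed. Separately, `$dhcrelaycfg` is read in `explode(",", $dhcrelaycfg['interface'])` but is not assigned anywhere in this hunk, while the enable check uses `$config['dhcrelay']['enable']`; please confirm it is set earlier in the function, or read `$config['dhcrelay']['interface']` directly so both lines use the same source.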