diff options
author | Chris Buechler <cmb@pfsense.org> | 2016-01-07 19:43:05 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2016-01-07 19:43:05 -0600 |
commit | c8705b31e252f37069312ebf2ee7631cd469391b (patch) | |
tree | aacd2bc68aea3c8989f6bd719ba3f386a27cb73e /src/etc/inc | |
parent | fa251db5bf91645c933184cfc9f8866a9b060254 (diff) | |
download | pfsense-c8705b31e252f37069312ebf2ee7631cd469391b.zip pfsense-c8705b31e252f37069312ebf2ee7631cd469391b.tar.gz |
Account for IP aliases in IPsec firewall rules. Ticket #5500
Diffstat (limited to 'src/etc/inc')
-rw-r--r-- | src/etc/inc/filter.inc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index a06b63e..7b8692b 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -4038,6 +4038,14 @@ function filter_generate_ipsec_rules($log = array()) { if (strpos($ph1ent['interface'], "_vip")) { $parentinterface = get_configured_carp_interface_list($ph1ent['interface'], '', 'iface'); + } else if (is_ipaddr($ph1ent['interface'])) { + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + if ($ph1ent['interface'] == $vip['subnet']) { + $parentinterface = $vip['interface']; + } + } + } } else { $parentinterface = $ph1ent['interface']; } |