Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add filter reload to DHCP Relay config so rules are immediately added/removed. Ticket #4558

1 files changed, 13 insertions, 0 deletions

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 18cae55..95d5d1b 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -3333,6 +3333,19 @@ EOD;
 					}
 
 				}
+				/* allow access to DHCP relay on interfaces */
+				if(isset($config['dhcrelay']['enable'])) {
+					$dhcifaces = explode(",", $dhcrelaycfg['interface']);
+					foreach ($dhcifaces as $dhcrelayif) {
+						if ($dhcrelayif = $on) {
+							$ipfrules .= <<<EOD
+# allow access to DHCP relay on {$oc['descr']}
+pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 68 to 255.255.255.255 port = 67 tracker {$increment_tracker($tracker)} label "allow access to DHCP relay"
+
+EOD;
+						}
+					}
+				}
 				break;
 		}