diff options
author | Chris Buechler <cmb@pfsense.org> | 2016-02-04 15:37:13 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2016-02-04 15:38:13 -0600 |
commit | d46049e1540fae78cc1a5929bdb7e84cf3a46dd0 (patch) | |
tree | f6b15aac155dfe8008e179e6a2a28f4af705ad09 /src/etc | |
parent | 00de7de690df0beb8fff755518890878c1c7e41c (diff) | |
download | pfsense-d46049e1540fae78cc1a5929bdb7e84cf3a46dd0.zip pfsense-d46049e1540fae78cc1a5929bdb7e84cf3a46dd0.tar.gz |
Allow gateway weights up to 30, and add a check in filter.inc to prevent creating too long of a route-to line. Related to pull request 1614
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/filter.inc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 69ddc36..efa0d09 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -907,6 +907,7 @@ function filter_generate_gateways() { if (count($members) > 0) { $foundlb = 0; $routeto = ""; + $routetomembers = 0; foreach ($members as $idx => $member) { $int = $member['int']; $gatewayip = $member['gwip']; @@ -914,10 +915,17 @@ function filter_generate_gateways() { if ($g['debug']) { log_error(sprintf(gettext('Setting up route with %1$s on %2$s'), $gatewayip, $int)); } + if ($routetomembers + $member['weight'] > 384) { + // would create invalid ruleset, bail + log_error(sprintf(gettext("Too many members in group %s, gateway group truncated in ruleset."), $member['name'])); + continue; + } if ($member['weight'] > 1) { $routeto .= str_repeat("( {$int} {$gatewayip} ) ", $member['weight']); + $routetomembers += $member['weight']; } else { $routeto .= "( {$int} {$gatewayip} ) "; + $routetomembers++; } $foundlb++; } else { |