diff options
author | Ermal <eri@pfsense.org> | 2013-01-31 22:04:07 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-01-31 22:04:07 +0000 |
commit | 8f563bb423ab8a1c06a191b5fc772a260b042360 (patch) | |
tree | 86ca795cdc4d52a599eb3e588bf67168a6fa12b4 /usr/local/sbin | |
parent | b686e5d0ceff87525319a900b078fd41faede9b4 (diff) | |
download | pfsense-8f563bb423ab8a1c06a191b5fc772a260b042360.zip pfsense-8f563bb423ab8a1c06a191b5fc772a260b042360.tar.gz |
Use the better -Fs modifies to pf to kill the states by interface. Also kill both sides on an interface when -k needs to be used
Diffstat (limited to 'usr/local/sbin')
-rwxr-xr-x | usr/local/sbin/ovpn-linkdown | 2 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkdown | 2 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkup | 1 | ||||
-rwxr-xr-x | usr/local/sbin/vpn-linkdown | 7 |
4 files changed, 5 insertions, 7 deletions
diff --git a/usr/local/sbin/ovpn-linkdown b/usr/local/sbin/ovpn-linkdown index 4780b4f..708d507 100755 --- a/usr/local/sbin/ovpn-linkdown +++ b/usr/local/sbin/ovpn-linkdown @@ -1,5 +1,5 @@ #!/bin/sh -/sbin/pfctl -i $1 -k 0.0.0.0/0 +/sbin/pfctl -i $1 -Fs # delete the node just in case mpd cannot do that /bin/rm -f /var/etc/nameserver_$1 /bin/rm -f /tmp/$1_router diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown index 2ab0b6b..69f9f88 100755 --- a/usr/local/sbin/ppp-linkdown +++ b/usr/local/sbin/ppp-linkdown @@ -16,7 +16,7 @@ if [ "$3" != "" ]; then pfctl -K ${LOCAL_IP} fi -/sbin/pfctl -i $1 -k 0.0.0.0/0 +/sbin/pfctl -i $1 -Fs if [ -f "/tmp/${1}_defaultgw" ]; then route delete default ${OLD_ROUTER} fi diff --git a/usr/local/sbin/ppp-linkup b/usr/local/sbin/ppp-linkup index 50308b1..1e9fdaa 100755 --- a/usr/local/sbin/ppp-linkup +++ b/usr/local/sbin/ppp-linkup @@ -6,6 +6,7 @@ if [ "$2" == "inet" ]; then if [ "${OLD_ROUTER}" != "" ]; then echo "Removing states to old router ${OLD_ROUTER}" | logger -t ppp-linkup /sbin/pfctl -i $1 -k 0.0.0.0/0 -k ${OLD_ROUTER}/32 + /sbin/pfctl -i $1 -k ${OLD_ROUTER}/32 -k 0.0.0.0/0 fi # let the configuration system know that the ipv4 has changed. diff --git a/usr/local/sbin/vpn-linkdown b/usr/local/sbin/vpn-linkdown index 0549b1f..b6d033c 100755 --- a/usr/local/sbin/vpn-linkdown +++ b/usr/local/sbin/vpn-linkdown @@ -2,8 +2,5 @@ # record logout /usr/bin/logger -p local3.info "logout,$1,$4,$5" -/sbin/pfctl -i $1 -b 0.0.0.0/32 -b $4/32 -/sbin/pfctl -i $1 -k $4/32 -/sbin/pfctl -i $1 -k 0.0.0.0/32 $4/32 -/sbin/pfctl -i $1 -K $4/32 -/sbin/pfctl -i $1 -K 0.0.0.0/32 -K $4/32 +/sbin/pfctl -i $1 -Fs +/sbin/pfctl -K $4/32 |