-rw-r--r-- | etc/inc/filter.inc | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 125238f..113df08 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2571,17 +2571,17 @@ EOD;
 * topologies
 */
 if(isset($config['filter']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
+ $ipfrules .= "# Add rules to bypass firewall rules for static routes\n":
 foreach ($config['staticroutes']['route'] as $route) {
 $friendly = $GatewaysList[$route['gateway']]['friendlyiface'];
 if(is_array($FilterIflist[$friendly])) {
 $oc = $FilterIflist[$friendly];
- if(is_ipaddrv4($route['network'])) {
- if($oc['ip']) {
- $sa = $oc['sa'];
- $sn = $oc['sn'];
- $if = $oc['if'];
- }
- if($sa) {
+ if($oc['ip']) {
+ $sa = $oc['sa'];
+ $sn = $oc['sn'];
+ $if = $oc['if'];
+ }
+ if($sa) {
 $ipfrules .= <<<EOD
 pass quick on \${$oc['descr']} proto tcp from {$sa}/{$sn} to {$route['network']} flags any keep state(sloppy) label "pass traffic between statically routed subnets"
 pass quick on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} keep state(sloppy) label "pass traffic between statically routed subnets"
@@ -2591,13 +2591,12 @@ pass quick on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} keep stat
 EOD;
 }
 }
- if(is_ipaddrv6($route['network'])) {
- if($oc['ipv6']) {
- $sa = $oc['sav6'];
- $sn = $oc['snv6'];
- $if = $oc['if'];
- }
- if($sa) {
+ if($oc['ipv6']) {
+ $sa = $oc['sav6'];
+ $sn = $oc['snv6'];
+ $if = $oc['if'];
+ }
+ if($sa) {
 $ipfrules .= <<<EOD
 pass quick on \${$oc['descr']} inet6 proto tcp from {$sa}/{$sn} to {$route['network']} flags any keep state(sloppy) label "pass traffic between statically routed subnets"
 pass quick on \${$oc['descr']} inet6 from {$sa}/{$sn} to {$route['network']} keep state(sloppy) label "pass traffic between statically routed subnets" |
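Review bot: The comment line added in the first hunk ends with a colon rather than a semicolon, which is a PHP parse error; it should read `$ipfrules .= "# Add rules to bypass firewall rules for static routes\n";`. Both hunks also remove an opening brace (`if(is_ipaddrv4(...)) {` here, `if(is_ipaddrv6(...)) {` in the second hunk) while no closing brace is removed anywhere in the diff, so the `} }` kept as context after the first `EOD;` now closes one level too many and the IPv6 block appears to fall outside the `is_array($FilterIflist[$friendly])` guard, assuming the previous file was balanced. Because this file generates the pf ruleset, a file that does not parse means rules cannot be rebuilt, so `php -l etc/inc/filter.inc` should pass before this is merged. The enclosing function starts and ends outside the hunk.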
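Review bot: `$sa` is not reset anywhere in the visible lines of the second hunk, so once the IPv4 block (or an earlier route in the loop) has set it, `if($sa)` passes even when `$oc['ipv6']` is empty and the `inet6` rules are written with an IPv4 `{$sa}/{$sn}`; the first hunk has the mirror-image problem on later iterations. With the family checks gone, every route also gets both the IPv4 and the IPv6 rule pair regardless of the family of `$route['network']`. A rule that mixes address families is likely to be rejected by pf when the ruleset is loaded, which on a firewall can leave the new rules unapplied. I would clear the variables before each block with `$sa = $sn = $if = "";` and keep a family test that accepts CIDR networks, e.g. `if($sa && is_subnetv6($route['network'])) {` (confirm `is_subnetv4()`/`is_subnetv6()` are available in this tree). The `foreach` body continues past the end of the hunk.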