-rw-r--r-- | etc/inc/filter.inc | 17 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 2 | ||||
-rwxr-xr-x | sbin/dhclient-script | 2 | ||||
-rwxr-xr-x | usr/local/sbin/ovpn-linkdown | 2 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkdown | 11 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkup | 2 |
6 files changed, 13 insertions, 23 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index cf6fbc9..883b737 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -139,17 +139,12 @@ function filter_delete_states_for_down_gateways() {
 continue;
 $gwstatus =& $a_gateways[$gateway['monitor']];
 if (strstr($gwstatus['status'], "down")) {
- $gwip = $gateway['gateway'];
- if (!is_ipaddr($gwip))
- $gwip = get_interface_gateway($gateway['friendlyiface']);
- if (is_ipaddr($gwstatus['srcip'])) {
- $cmd = "/sbin/pfctl -b {$gwstatus['srcip']}/32 ";
- if (is_ipaddr($gwip))
- $cmd .= "-b {$gwip}/32";
- else
- $cmd .= "-b 0.0.0.0/32";
- mwexec($cmd);
- }
+ if (!empty($gateway['interface']))
+ $gwiface = $gateway['interface'];
+ else
+ $gwiface = get_real_interface($gateway['friendlyiface']);
+ $cmd = "/sbin/pfctl -i {$gwiface} -k 0.0.0.0/0";
+ mwexec($cmd);
 }
 }
 }
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 890710e..f6a3122 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1188,7 +1188,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
 // log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}");
 if (!empty($old_router)) {
 log_error("Clearing states to old gateway {$old_router}.");
- mwexec("/sbin/pfctl -b 0.0.0.0/32 -b {$old_router}/32");
+ mwexec("/sbin/pfctl -i {$realif} -k 0.0.0.0/0");
 }
 /* remove interface up file if it exists */
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index 21bb473..dda92a9 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -82,7 +82,7 @@ delete_old_states() {
 $LOGGER "Comparing Routers: Old: ${OLD_ROUTER} New: ${new_routers}"
 if [ "${OLD_ROUTER}" != "${new_routers}" ]; then
 $LOGGER "Removing states through old gateway '${OLD_ROUTER}' (new gateway '${new_routers}')"
- /sbin/pfctl -b 0.0.0.0/32 -b ${OLD_ROUTER}/32
+ /sbin/pfctl -i $interface -k 0.0.0.0/0 -k ${OLD_ROUTER}/32
 fi
 fi
 }
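Review bot: `$gwiface` is interpolated into the pfctl command line with no check that it is non-empty and no shell quoting, whereas the removed code validated each value with `is_ipaddr()` before using it. If both `$gateway['interface']` and `get_real_interface()` yield an empty string, `-i` is left without an interface name and the flush will presumably fail without any log entry. I would guard and quote it: `if (!empty($gwiface)) mwexec("/sbin/pfctl -i " . escapeshellarg($gwiface) . " -k 0.0.0.0/0");`. The new command also drops every state on the interface rather than only those tied to the down gateway, which deserves a comment for setups with more than one gateway on one interface. The function starts above the hunk.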
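Review bot: The log line directly above the new `mwexec()` in interface_bring_down still says "Clearing states to old gateway", but the command now clears every state on `$realif`, so the log no longer describes what was done. Anyone reconstructing a connectivity drop from the system log would be misled; I would change it to `log_error("Clearing all states on {$realif} (old gateway {$old_router}).");`. `$realif` is also placed in the shell string unquoted, and `escapeshellarg($realif)` would be safer if its origin is not strictly controlled, which the hunk does not show. The function continues on both sides of the hunk.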
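Review bot: With two `-k` options pfctl kills only the states going from the first network to the second, so `-k 0.0.0.0/0 -k ${OLD_ROUTER}/32` matches states whose destination is the old router's own address, not states that were routed through it. The log message says "Removing states through old gateway" and the PHP and link-down call sites in this commit use a single `-k 0.0.0.0/0`, so stale states via the old gateway would appear to survive here; usr/local/sbin/ppp-linkup uses the same two-`-k` form. If the intent matches the other files, use `/sbin/pfctl -i "$interface" -k 0.0.0.0/0` (quoted), otherwise add a comment explaining why only states to the router itself are removed. delete_old_states begins above the hunk.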
diff --git a/usr/local/sbin/ovpn-linkdown b/usr/local/sbin/ovpn-linkdown
index b300aed..4780b4f 100755
--- a/usr/local/sbin/ovpn-linkdown
+++ b/usr/local/sbin/ovpn-linkdown
@@ -1,5 +1,5 @@
 #!/bin/sh
-# /sbin/pfctl -b $4 -b $5
+/sbin/pfctl -i $1 -k 0.0.0.0/0
 # delete the node just in case mpd cannot do that
 /bin/rm -f /var/etc/nameserver_$1
 /bin/rm -f /tmp/$1_router
diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown
index 87560f7..2ab0b6b 100755
--- a/usr/local/sbin/ppp-linkdown
+++ b/usr/local/sbin/ppp-linkdown
@@ -16,14 +16,9 @@ if [ "$3" != "" ]; then
 pfctl -K ${LOCAL_IP}
 fi
-OLD_ROUTER=`/bin/cat /tmp/${1}_router`
-if [ "${OLD_ROUTER}" != "" ]; then
- echo "Removing states to ${OLD_ROUTER}" | logger -t ppp-linkdown
- /sbin/pfctl -b 0.0.0.0/32 -b ${OLD_ROUTER}/32
-
- if [ -f "/tmp/${interface}_defaultgw" ]; then
- route delete default ${OLD_ROUTER}
- fi
+/sbin/pfctl -i $1 -k 0.0.0.0/0
+if [ -f "/tmp/${1}_defaultgw" ]; then
+ route delete default ${OLD_ROUTER}
 fi
 # delete the node just in case mpd cannot do that
 /usr/sbin/ngctl shutdown $1:
diff --git a/usr/local/sbin/ppp-linkup b/usr/local/sbin/ppp-linkup
index 3a62fbb..50308b1 100755
--- a/usr/local/sbin/ppp-linkup
+++ b/usr/local/sbin/ppp-linkup
@@ -5,7 +5,7 @@ if [ "$2" == "inet" ]; then
 OLD_ROUTER=`/bin/cat /tmp/${1}_router`
 if [ "${OLD_ROUTER}" != "" ]; then
 echo "Removing states to old router ${OLD_ROUTER}" | logger -t ppp-linkup
- /sbin/pfctl -b 0.0.0.0/32 -b ${OLD_ROUTER}/32
+ /sbin/pfctl -i $1 -k 0.0.0.0/0 -k ${OLD_ROUTER}/32
 fi
 # let the configuration system know that the ipv4 has changed. |
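Review bot: `$1` is used unquoted and without an emptiness check in the newly enabled pfctl line of ovpn-linkdown; if the script is ever invoked without a device argument, `-i` is left without an interface name and the flush will not do what is intended. `[ -n "$1" ] && /sbin/pfctl -i "$1" -k 0.0.0.0/0` makes that case explicit. A one-line comment such as `# drop all states on the tunnel interface when the link goes down` would also document why the previously commented-out call is now active. The new pfctl lines in usr/local/sbin/ppp-linkdown and usr/local/sbin/ppp-linkup take `$1` the same way.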
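Review bot: In ppp-linkdown `route delete default ${OLD_ROUTER}` is kept, but the `OLD_ROUTER=` assignment that fed it is removed in this hunk, so unless the variable is set earlier in the script or inherited from the environment (neither is visible here) it expands to nothing. The command then becomes `route delete default`, which is no longer tied to this link's gateway. Either keep the `OLD_ROUTER=` assignment (reading `/tmp/${1}_router`) ahead of the `if`, or drop the argument deliberately and say so in a comment. The removed `logger` line also means the state flush is no longer recorded; `echo "Removing states on $1" | logger -t ppp-linkdown` would keep that trail.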