diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 17 | ||||
| -rw-r--r-- | etc/inc/interfaces.inc | 2 |
2 files changed, 7 insertions, 12 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index cf6fbc9..883b737 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -139,17 +139,12 @@ function filter_delete_states_for_down_gateways() { continue; $gwstatus =& $a_gateways[$gateway['monitor']]; if (strstr($gwstatus['status'], "down")) { - $gwip = $gateway['gateway']; - if (!is_ipaddr($gwip)) - $gwip = get_interface_gateway($gateway['friendlyiface']); - if (is_ipaddr($gwstatus['srcip'])) { - $cmd = "/sbin/pfctl -b {$gwstatus['srcip']}/32 "; - if (is_ipaddr($gwip)) - $cmd .= "-b {$gwip}/32"; - else - $cmd .= "-b 0.0.0.0/32"; - mwexec($cmd); - } + if (!empty($gateway['interface'])) + $gwiface = $gateway['interface']; + else + $gwiface = get_real_interface($gateway['friendlyiface']); + $cmd = "/sbin/pfctl -i {$gwiface} -k 0.0.0.0/0"; + mwexec($cmd); } } } diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 890710e..f6a3122 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1188,7 +1188,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = // log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}"); if (!empty($old_router)) { log_error("Clearing states to old gateway {$old_router}."); - mwexec("/sbin/pfctl -b 0.0.0.0/32 -b {$old_router}/32"); + mwexec("/sbin/pfctl -i {$realif} -k 0.0.0.0/0"); } /* remove interface up file if it exists */ |
