From 096f2962a95269a4ac69a38fd615d6e4da0256eb Mon Sep 17 00:00:00 2001
From: Ermal
Date: Tue, 12 Feb 2013 12:01:09 +0000
Subject: Ticket #1629 Another round of fixes related to state clearing
---
 etc/inc/filter.inc | 5 +++++
 etc/inc/interfaces.inc | 2 +-
 sbin/dhclient-script | 6 ++----
 usr/local/sbin/ppp-linkdown | 1 +
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 12ef74f..15c9db3 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -145,6 +145,11 @@ function filter_delete_states_for_down_gateways() {
 $gwiface = get_real_interface($gateway['friendlyiface']);
 $cmd = "/sbin/pfctl -i {$gwiface} -Fs";
 mwexec($cmd);
+ $gwip = $gateway['gateway'];
+ if (is_ipaddr($gwip)) {
+ $cmd = "/sbin/pfctl -i {$gwiface} -Fs -G {$gwip}";
+ mwexec($cmd);
+ }
 }
 }
 }
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 6698ba5..55c8bbc 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1235,7 +1235,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
 // log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}");
 if (!empty($old_router)) {
 log_error("Clearing states to old gateway {$old_router}.");
- mwexec("/sbin/pfctl -i {$realif} -Fs");
+ mwexec("/sbin/pfctl -i {$realif} -Fs; /sbin/pfctl -i {$realif} -Fs -G {$old_router}");
 }
 /* remove interface up file if it exists */
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index 272bb77..814d1b9 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -66,8 +66,7 @@ delete_old_states() {
 $LOGGER "Comparing IPs: Old: ${OLD_IP} New: ${new_ip_address}"
 if [ -n "${OLD_IP}" ] && [ "${OLD_IP}" != "${new_ip_address}" ]; then
 $LOGGER "Removing states from old IP '${OLD_IP}' (new IP '${new_ip_address}')"
- /sbin/pfctl -k 0.0.0.0/0 -k ${OLD_IP}/32
- /sbin/pfctl -k ${OLD_IP}/32
+ /sbin/pfctl -i $interface -Fs
 pfctl -K ${OLD_IP}/32
 fi
 fi
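Review bot: The new `-G` flush in filter_delete_states_for_down_gateways() interpolates `{$gwiface}` straight into the shell string and discards the result of `mwexec($cmd)`, so a failed flush for a down gateway passes silently and stale states can stay in the table. `$gwip` is guarded by `is_ipaddr()`, which is the right check; `$gwiface` comes from `get_real_interface()` and is presumably a plain interface name, but escaping both is cheap: `$cmd = "/sbin/pfctl -i " . escapeshellarg($gwiface) . " -Fs -G " . escapeshellarg($gwip);`. If `mwexec()` returns the exit status, a non-zero value is worth a `log_error()` line. The enclosing loop and function begin outside the hunk.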
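Review bot: `$old_router` reaches the shell in the changed `mwexec()` line after only an `!empty()` test, whereas the filter.inc change in this same commit guards the `-G` argument with `is_ipaddr()`. The commented-out log line suggests the value is read from `{$g['tmp_path']}/{$realif}_router`, a file presumably populated from DHCP lease data, so it should be treated as untrusted input: change the guard to `if (is_ipaddr($old_router)) {` and pass `escapeshellarg($old_router)` to `-G`. Chaining the two pfctl calls with `;` also hides the first command's exit status; two separate `mwexec()` calls would keep them distinct. interface_bring_down() starts and ends outside the hunk.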
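Review bot: The added `/sbin/pfctl -i $interface -Fs` expands `$interface` unquoted, and the same applies to `${OLD_ROUTER}` in the second hunk of this file and to `$1` in the ppp-linkdown hunk. These values come from the DHCP client environment, state files or script arguments, so a value containing whitespace would be split into extra pfctl arguments; quote them, e.g. `/sbin/pfctl -i "$interface" -Fs`. The change also replaces a kill scoped to `${OLD_IP}` with a flush of every state on the interface, which drops unrelated connections whenever the address changes. A comment such as `# Ticket #1629: flush all states on the interface, not only those of the old IP` would record that this is intended. The surrounding `if` opens outside the hunk.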
@@ -82,8 +81,7 @@ delete_old_states() {
 $LOGGER "Comparing Routers: Old: ${OLD_ROUTER} New: ${new_routers}"
 if [ "${OLD_ROUTER}" != "${new_routers}" ]; then
 $LOGGER "Removing states through old gateway '${OLD_ROUTER}' (new gateway '${new_routers}')"
- /sbin/pfctl -i $interface -k 0.0.0.0/0 -k ${OLD_ROUTER}/32
- /sbin/pfctl -i $interface -k ${OLD_ROUTER}/32 -k 0.0.0.0/0
+ /sbin/pfctl -i $interface -Fs -G ${OLD_ROUTER}
 fi
 fi
 }
diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown
index 69f9f88..31d89c6 100755
--- a/usr/local/sbin/ppp-linkdown
+++ b/usr/local/sbin/ppp-linkdown
@@ -14,6 +14,7 @@ if [ "$3" != "" ]; then
 /sbin/pfctl -k 0.0.0.0/0 -k ${LOCAL_IP}
 /sbin/pfctl -k ${LOCAL_IP}
 pfctl -K ${LOCAL_IP}
+ pfctl -i $1 -Fs
 fi
 /sbin/pfctl -i $1 -Fs
--
cgit v1.1
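Review bot: The router branch has no `-n "${OLD_ROUTER}"` test, unlike the IP branch earlier in delete_old_states(), so an empty old value that differs from `${new_routers}` runs `/sbin/pfctl -i $interface -Fs -G` with nothing after `-G`. Unless the enclosing test outside the hunk already guarantees a non-empty value, guard it with `if [ -n "${OLD_ROUTER}" ] && [ "${OLD_ROUTER}" != "${new_routers}" ]; then`. The exit status of the pfctl call is not checked either, so a rejected argument leaves the old gateway's states in place without a log line; something like `|| $LOGGER "pfctl state flush failed"` would make that visible.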
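Review bot: The added `pfctl -i $1 -Fs` inside the `if` repeats the `/sbin/pfctl -i $1 -Fs` that already runs unconditionally right after the `fi`, so the interface is flushed twice whenever `$3` is set. If ordering relative to the `-k`/`-K` kills is the reason, a short comment should say so; otherwise the new line can go. The new line also resolves `pfctl` through PATH in a script that runs privileged, while the context line below uses the absolute path; prefer `/sbin/pfctl -i "$1" -Fs`.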