From ba875d5a98a59e336d0426f1c9d5b9d1b33a6932 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Fri, 14 Apr 2006 18:09:31 +0000
Subject: Only setup anti spoof rules if the interface is really enabled

---
 etc/inc/filter.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 6776b89..973fce6 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1729,7 +1729,8 @@ EOD;
 	foreach ($optcfg as $oc) {
 		if (!$oc['bridge'])
 			if($oc['sa'] <> "") 
-				$ipfrules .= "block in $log quick on $wanif from {$oc['sa']}/{$oc['sn']} to any label \"interface spoof check\"\n";
+				if(isset($oc['enable']))
+					$ipfrules .= "block in $log quick on $wanif from {$oc['sa']}/{$oc['sn']} to any label \"interface spoof check\"\n";
 	}
 
 	/* allow PPTP traffic if PPTP client is enabled on WAN */
-- 
cgit v1.1