dhcrelay: patch the last spot for rule generation #6983

2026-03-16 01:24:38 +00:00 · 2024-03-14 13:00:13 +01:00 · 2024-03-14 13:00:13 +01:00 · 0eb267f048
commit 0eb267f048
parent e1b313852a
2 changed files with 37 additions and 4 deletions
--- a/src/etc/inc/filter.lib.inc
+++ b/src/etc/inc/filter.lib.inc
@ -202,6 +202,9 @@ function filter_core_rules_system($fw, $defaults)
 {
    global $config;

+    $dhcrelay6_interfaces = plugins_run('dhcrelay_interfaces', ['inet6']);
+    $dhcrelay6_interfaces = !empty($dhcrelay6_interfaces['dhcrelay']) ? $dhcrelay6_interfaces['dhcrelay'] : [];
+
    // block All IPv6 except loopback traffic
    $fw->registerFilterRule(
        1,
@ -481,10 +484,7 @@ function filter_core_rules_system($fw, $defaults)
            default:
                $dhcpdv6_enabled = isset($config['dhcpdv6'][$intf]['enable']);
                $track6_enabled = isset($intfinfo['track6-interface']);
-                $dhcrelay6_interfaces = array();
-                if (!empty($config['dhcrelay6']['interface']) && isset($config['dhcrelay6']['enable'])) {
-                    $dhcrelay6_interfaces = explode(',', $config['dhcrelay6']['interface']);
-                }
+
                if ($dhcpdv6_enabled || $track6_enabled || in_array($intf, $dhcrelay6_interfaces)) {
                    $fw->registerFilterRule(
                        1,
--- a/src/etc/inc/plugins.inc.d/dhcrelay.inc
+++ b/src/etc/inc/plugins.inc.d/dhcrelay.inc
@ -35,6 +35,13 @@ function dhcrelay_configure()
    ];
 }

+function dhcrelay_run()
+{
+    return [
+        'dhcrelay_interfaces' => 'dhcrelay_interfaces',
+    ];
+}
+
 function dhcrelay_services()
 {
    $services = [];
@ -153,3 +160,29 @@ function dhcrelay_configure_do($verbose = false, $id = null)

    service_log("done.\n", $verbose);
 }
+
+function dhcrelay_interfaces($family = null)
+{
+    $mdl = new \OPNsense\DHCRelay\DHCRelay();
+    $interfaces = [];
+
+    foreach ($mdl->relays->iterateItems() as $relay) {
+        if ((string)$relay->enabled != '1') {
+            continue;
+        }
+
+        $destination = $mdl->getNodeByReference("destinations.{$relay->destination}");
+        if ($destination == null) {
+            continue;
+        }
+
+        $dstfamily = strpos((string)$destination->server, '.') !== false ? 'inet' : 'inet6';
+        if ($family !== null && $family != $dstfamily) {
+            continue;
+        }
+
+        $interfaces[(string)$relay->interface] = 1;
+    }
+
+    return array_keys($interfaces);
+}