firewall: reduce impact of link-local inject to FilterRule on matching interface; closes #5907

Now we know why pf(4) does not want to fix this.  ;)
Franco Fichtner 2022-07-29 08:16:55 +02:00
parent ef0d238ba1
commit 2412d574f3


@ -255,7 +255,7 @@ abstract class Rule
}
} elseif (!empty($interfaces[$network_name]['if'])) {
$rule[$target] = "({$interfaces[$network_name]['if']}:network)";
if ($rule['ipprotocol'] == 'inet6') {
if ($rule['ipprotocol'] == 'inet6' && $this instanceof FilterRule && $rule['interface'] == $network_name) {
/* historically pf(4) excludes link-local on :network to avoid anti-spoof overlap */
$rule[$target] .= ',fe80::/10';
}
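Review bot: The new condition on the `inet6` branch reads `$rule['interface']` with a loose `==`, and nothing visible in the hunk guarantees that key is set for every rule that reaches this point. If a rule without an interface can arrive here (not visible from this hunk), PHP raises an undefined-key notice or warning and the comparison falls back on type juggling; a strict, null-safe form would be `($rule['interface'] ?? null) === $network_name`. The comment above the `fe80::/10` append still only gives the pf(4) history, so it should also record why the append is now limited, e.g. `/* fe80::/10 covers every link-local address, so only widen filter rules bound to the network's own interface */`. The enclosing method starts and ends outside the hunk.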