lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 17:14:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

interfaces: do not flush states on clear

Browse Source 
flushed states are propagated to pfsync, which means a machine
in backup state is still vulnerable to any event that hooks
into the interface_bring_down logic on the primary machine.
This commit is contained in:
Stephan de Wit 2023-10-19 11:34:23 +02:00
parent eecc882825
commit 24b5fdc42e
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/opnsense/scripts/interfaces/ifctl.sh
View File

@ -138,11 +138,6 @@ if [ "${DO_COMMAND}" = "-c" ]; then
# legacy behaviour originating from interface_bring_down()
/usr/sbin/arp -d -i ${IF} -a
# XXX maybe we do not have to kill states at all
if [ -n "${HAVE_ROUTE}" ]; then
/sbin/pfctl -i ${IF} -Fs
fi
exit 0
elif [ "${DO_COMMAND}" = "-O" ]; then
if [ -z "${IF}" ]; then