From 3fe7b5f060d7a3bfd26475fd8ab78e47b0f0675b Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Tue, 23 Mar 2021 20:04:40 +0100
Subject: [PATCH] firewall: resolve IPs in kernel for force gw rule

PR: https://forum.opnsense.org/index.php?topic=22214.0
---
 src/etc/inc/filter.lib.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/etc/inc/filter.lib.inc b/src/etc/inc/filter.lib.inc
index 43c84587d..a7d0a6d68 100644
--- a/src/etc/inc/filter.lib.inc
+++ b/src/etc/inc/filter.lib.inc
@@ -607,7 +607,7 @@ function filter_core_rules_system($fw, $defaults)
                     if (($gwproto == 'inet' && $intf_has_v4) || ($gwproto == 'inet6' && $intf_has_v6)) {
                         $fw->registerFilterRule(
                             100000,
-                            array('from' => $ifcfg['if'], 'direction' => 'out', 'gateway' => $gwname,
+                            array('from' => "({$ifcfg['if']})", 'direction' => 'out', 'gateway' => $gwname,
                             'destination' => array('network' => $ifdescr, "not" => true),
                             'statetype' => 'keep',
                             'allowopts' => true,