lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-20 03:16:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipfw: Only allow for VIPs on cp interfaces

Browse Source 
Create a helper attribute 'interfaces' split on ',' later, this due to
the captiveportal zones being applicable to more than one if, separated
by ',' in the configuration.
This commit is contained in:
Fredrik Rönnvall 2019-02-10 07:50:55 +01:00
parent f49a10ca33
commit 54b9fb4874
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
View File

@ -10,7 +10,7 @@
{% for cp_intf in cp_item.interfaces.split(',') %}
{% if intf_key == cp_intf %}
{% if cp_item.enabled|default('0') == '1' %}
{% do cp_interface_list.append({'zone':cp_item.description, 'zoneid':cp_item.zoneid,'if':interface.if, 'obj':cp_item}) %}
{% do cp_interface_list.append({'zone':cp_item.description, 'zoneid':cp_item.zoneid,'if':interface.if,'interfaces':cp_item.interfaces.split(','),'obj':cp_item}) %}
{% do is_cp.append(1) %}
{% endif %}
{% endif %}
@ -115,7 +115,7 @@ add {{loop.index + 1000}} skipto 60000 icmp from any to { 255.255.255.255 or {{
# Allow traffic to this hosts VIPs
#======================================================================================
{% for item in virtualip.vip %}
{% if ':' not in item.subnet %}
{% if item.interface in cp_interface_list|sum(attribute="interfaces", start=[]) and ':' not in item.subnet %}
add {{loop.index + 2000}} skipto 60000 udp from any to {{ item.subnet }} dst-port 53 keep-state
add {{loop.index + 2000}} skipto 60000 ip from any to { 255.255.255.255 or {{item.subnet}} } in
add {{loop.index + 2000}} skipto 60000 ip from { 255.255.255.255 or {{item.subnet}} } to any out