lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-20 11:26:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

filter / advanced, bypassstaticroutes missing ipprotocol, only add enabled static routes. related to https://github.com/opnsense/core/issues/1774

Browse Source
This commit is contained in:
Ad Schellevis 2017-12-08 18:27:51 +01:00
parent c3fbe5e911
commit 6d5857191f
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/etc/inc/plugins.inc.d/pf.inc
View File

@ -109,7 +109,7 @@ function pf_firewall($fw)
foreach (get_staticroutes() as $route) {
$friendly = $GatewaysList[$route['gateway']]['friendlyiface'];
if (!empty($intf[$friendly])) {
if (!empty($intf[$friendly]) && empty($route['disabled'])) {
$routeent = explode("/", $route['network']);
if (is_ipaddrv4($routeent[0]) && empty($ifdetails[$intf[$friendly]['if']]['ipv4'])) {
continue;
@ -122,16 +122,17 @@ function pf_firewall($fw)
$networks = array();
$networks[] = array('from' => $intf[$friendly]['if'].":network", 'to' => $route['network']);
$networks[] = array('to' => $intf[$friendly]['if'].":network", 'from' => $route['network']);
$proto = strpos($route['network'], ":") !== false ? "inet6" : "inet";
foreach ($networks as $network) {
$fw->registerFilterRule(10,
array('interface' => $friendly, 'statetype' => 'sloppy',
array('interface' => $friendly, 'statetype' => 'sloppy', 'ipprotocol' => $proto,
'protocol' => 'tcp','flags' => 'any', 'from' => $network['from'],
'to' => $network['to'], 'quick' => false,
'label' => "pass traffic between statically routed subnets"),
$defaults['pass']
);
$fw->registerFilterRule(10,
array('interface' => $friendly, 'statetype' => 'sloppy',
array('interface' => $friendly, 'statetype' => 'sloppy', 'ipprotocol' => $proto,
'from' => $network['from'],'to' => $network['to'], 'quick' => false,
'label' => "pass traffic between statically routed subnets"),
$defaults['pass']