Revert "Filter, automatic rules. "let out anything from firewall host itself (force gw)" not visible, since its not bound to the interface. Although we might want to show all rules without interface as well, the gateway rule belongs to the interface as the interface address is used as from address"

This reverts commit f8d5c01a6f4ab2ef307324acd4711cd76e005827. *** Needs revert, since priority fails when bound directly on interface
2026-03-17 01:54:49 +00:00 · 2019-08-08 17:14:25 +02:00 · 2019-08-08 17:14:25 +02:00 · 7bfadb2acd
commit 7bfadb2acd
parent 234b30ffaa
1 changed files with 6 additions and 4 deletions
--- a/src/etc/inc/filter.lib.inc
+++ b/src/etc/inc/filter.lib.inc
@ -578,7 +578,7 @@ function filter_core_rules_system($fw, $defaults)
    // Our default setting has been to force traffic leaving a specific interface to use the associated gateway.
    // This behaviour can be disabled, so settings can be customized using manual firewall rules.
    if (empty($config['system']['pf_disable_force_gw'])) {
-        foreach ($fw->getInterfaceMapping() as $intf => $ifcfg) {
+        foreach ($fw->getInterfaceMapping() as $ifdescr => $ifcfg) {
            if (!isset($ifcfg['internal_dynamic']) && $ifcfg['if'] != 'lo0') {
                $intf_has_v4 = false;
                $intf_has_v6 = false;
@ -593,9 +593,11 @@ function filter_core_rules_system($fw, $defaults)
                    if (($gwproto == 'inet' && $intf_has_v4) || ($gwproto == 'inet6' && $intf_has_v6)) {
                        $fw->registerFilterRule(
                            100000,
-                            array('interface'=> $intf, 'from' => $ifcfg['if'], 'direction' => 'out',
-                            'destination' => array('network'=> $intf, "not" => true),
-                            'statetype' => 'keep', 'allowopts' => true, 'quick' => false, 'gateway' => $gwname,
+                            array('from' => $ifcfg['if'], 'direction' => 'out', 'gateway' => $gwname,
+                            'destination' => array('network'=> $ifdescr, "not" => true),
+                            'statetype' => 'keep',
+                            'allowopts' => true,
+                            'quick' => false,
                            '#ref' => 'system_advanced_firewall.php#pf_disable_force_gw',
                            'descr' => "let out anything from firewall host itself (force gw)"),
                            $defaults['pass']