From 7bfadb2acd4660b05d11059152dec7d88a90b288 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 8 Aug 2019 17:14:25 +0200
Subject: [PATCH] Revert "Filter, automatic rules. "let out anything from firewall host itself (force gw)" not visible, since its not bound to the interface. Although we might want to show all rules without interface as well, the gateway rule belongs to the interface as the interface address is used as from address"
This reverts commit f8d5c01a6f4ab2ef307324acd4711cd76e005827. *** Needs revert, since priority fails when bound directly on interface
---
 src/etc/inc/filter.lib.inc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/etc/inc/filter.lib.inc b/src/etc/inc/filter.lib.inc
index 495dedb10..f3f623ba2 100644
--- a/src/etc/inc/filter.lib.inc
+++ b/src/etc/inc/filter.lib.inc
@@ -578,7 +578,7 @@ function filter_core_rules_system($fw, $defaults)
 // Our default setting has been to force traffic leaving a specific interface to use the associated gateway.
 // This behaviour can be disabled, so settings can be customized using manual firewall rules.
 if (empty($config['system']['pf_disable_force_gw'])) {
- foreach ($fw->getInterfaceMapping() as $intf => $ifcfg) {
+ foreach ($fw->getInterfaceMapping() as $ifdescr => $ifcfg) {
 if (!isset($ifcfg['internal_dynamic']) && $ifcfg['if'] != 'lo0') {
 $intf_has_v4 = false;
 $intf_has_v6 = false;
@@ -593,9 +593,11 @@ function filter_core_rules_system($fw, $defaults)
 if (($gwproto == 'inet' && $intf_has_v4) || ($gwproto == 'inet6' && $intf_has_v6)) {
 $fw->registerFilterRule(
 100000,
- array('interface'=> $intf, 'from' => $ifcfg['if'], 'direction' => 'out',
- 'destination' => array('network'=> $intf, "not" => true),
- 'statetype' => 'keep', 'allowopts' => true, 'quick' => false, 'gateway' => $gwname,
+ array('from' => $ifcfg['if'], 'direction' => 'out', 'gateway' => $gwname,
+ 'destination' => array('network'=> $ifdescr, "not" => true),
+ 'statetype' => 'keep',
+ 'allowopts' => true,
+ 'quick' => false,
 '#ref' => 'system_advanced_firewall.php#pf_disable_force_gw',
 'descr' => "let out anything from firewall host itself (force gw)"),
 $defaults['pass']
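Review bot: The array passed to `registerFilterRule()` no longer carries an `'interface'` key, and nothing in the code records that the omission is deliberate, so a later reader may re-add it as commit f8d5c01a6f4ab2ef307324acd4711cd76e005827 did. The commit message gives the reason (rule priority fails when the rule is bound directly on the interface); a comment above the array would keep that knowledge with the code, e.g. `// deliberately not bound to an interface: binding it there breaks rule priority (see revert of f8d5c01a)`. The cost, as the reverted commit's subject describes, is that this pass-out rule with `'allowopts' => true` is again absent from the per-interface view of automatic rules, which presumably makes it harder to audit; the same comment could say where the rule can be inspected instead. The `registerFilterRule()` call and the enclosing loops start and end outside this hunk.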