lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-16 17:44:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

(filter) move DHCPv6 client rules

Browse Source
This commit is contained in:
Ad Schellevis 2016-11-03 16:51:25 +01:00
parent 0b4131752a
commit 8e3d1763ef
2 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/etc/inc/filter.inc
View File

@ -2530,20 +2530,6 @@ function filter_rules_generate(&$FilterIflist)
foreach ($FilterIflist as $on => $oc) {
if (isset($config['system']['ipv6allow']) && isset($oc['type6']) && ($oc['type6'] == "slaac" || $oc['type6'] == "dhcp6")) {
$ipfrules .= <<<EOD
# allow our DHCPv6 client out to the {$oc['descr']}
pass in {$log['pass']} quick on \${$oc['descr']} proto udp from fe80::/10 port = 546 to fe80::/10 port = 546 label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
pass out {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "{$fix_rule_label("allow dhcpv6 client out {$oc['descr']}")}"
EOD;
}
switch (isset($oc['type']) ? $oc['type'] : null) {
case "pptp":
$ipfrules .= <<<EOD

21
src/etc/inc/filter.lib.inc
View File

@ -149,4 +149,25 @@ function filter_core_rules_system($fw, $defaults)
);
}
// interface configuration per type
foreach ($fw->getInterfaceMapping() as $intf => $intfinfo) {
// allow DHCPv6 client out
if (isset($config['system']['ipv6allow']) && in_array($intfinfo['ipaddrv6'], array("slaac","dhcp6"))) {
$fw->registerFilterRule(5,
array('protocol' => 'udp', 'from' => 'fe80::/10', 'from_port' => 546, 'to' => 'fe80::/10',
'interface' => $intf, 'to_port' => 546, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(5,
array('protocol' => 'udp', 'from_port' => 547,'to_port' => 546, 'direction' => 'in',
'interface' => $intf, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(5,
array('protocol' => 'udp', 'from_port' => 546,'to_port' => 547, 'direction' => 'out',
'interface' => $intf, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
$defaults['pass']
);
}
}
}