From 8e3d1763ef15bc9b4cb56310d32279fdafa7eaf1 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Thu, 3 Nov 2016 16:51:25 +0100
Subject: [PATCH] (filter) move DHCPv6 client rules

---
 src/etc/inc/filter.inc     | 14 --------------
 src/etc/inc/filter.lib.inc | 21 +++++++++++++++++++++
 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 87adef9cc..2d6e5e243 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -2530,20 +2530,6 @@ function filter_rules_generate(&$FilterIflist)
 
     foreach ($FilterIflist as $on => $oc) {
 
-
-      if (isset($config['system']['ipv6allow']) && isset($oc['type6']) && ($oc['type6'] == "slaac" || $oc['type6'] == "dhcp6")) {
-          $ipfrules .= <<<EOD
-# allow our DHCPv6 client out to the {$oc['descr']}
-pass in {$log['pass']} quick on \${$oc['descr']} proto udp from fe80::/10 port = 546 to fe80::/10 port = 546  label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
-pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
-pass out {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "{$fix_rule_label("allow dhcpv6 client out {$oc['descr']}")}"
-
-EOD;
-    }
-
-
-
-
       switch (isset($oc['type']) ? $oc['type'] : null) {
         case "pptp":
             $ipfrules .= <<<EOD
diff --git a/src/etc/inc/filter.lib.inc b/src/etc/inc/filter.lib.inc
index 21aa68a50..399a31f98 100644
--- a/src/etc/inc/filter.lib.inc
+++ b/src/etc/inc/filter.lib.inc
@@ -149,4 +149,25 @@ function filter_core_rules_system($fw, $defaults)
         );
     }
 
+    // interface configuration per type
+    foreach ($fw->getInterfaceMapping() as $intf => $intfinfo) {
+        // allow DHCPv6 client out
+        if (isset($config['system']['ipv6allow']) && in_array($intfinfo['ipaddrv6'], array("slaac","dhcp6"))) {
+            $fw->registerFilterRule(5,
+              array('protocol' => 'udp', 'from' => 'fe80::/10', 'from_port' => 546, 'to' => 'fe80::/10',
+                    'interface' => $intf, 'to_port' => 546, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
+              $defaults['pass']
+            );
+            $fw->registerFilterRule(5,
+              array('protocol' => 'udp', 'from_port' => 547,'to_port' => 546, 'direction' => 'in',
+                    'interface' => $intf, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
+              $defaults['pass']
+            );
+            $fw->registerFilterRule(5,
+              array('protocol' => 'udp', 'from_port' => 546,'to_port' => 547, 'direction' => 'out',
+                    'interface' => $intf, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
+              $defaults['pass']
+            );
+        }
+    }
 }