Firewall, exclude virtual ipv6 interfaces and change getInterfaceMapping() to generator type in the process

2026-03-14 16:44:39 +00:00 · 2018-07-17 09:22:32 +02:00 · 2018-07-17 09:22:32 +02:00 · 939f53eff2
commit 939f53eff2
parent 2bf1200df8
4 changed files with 10 additions and 4 deletions
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@ -180,8 +180,7 @@ function filter_configure_sync($verbose = false, $flush_states = false)
    // initialize fw plugin object
    $fw = filter_core_get_initialized_plugin_system();
    filter_core_bootstrap($fw);
-    $cnfint = $fw->getInterfaceMapping();
-
+    $cnfint = iterator_to_array($fw->getInterfaceMapping());
    plugins_firewall($fw);

    if (isset($config['filter']['rule'])) {
--- a/src/etc/inc/filter.lib.inc
+++ b/src/etc/inc/filter.lib.inc
@ -489,7 +489,7 @@ function filter_core_rules_system($fw, $defaults)
        $defaults['pass']
    );
    // ipsec
-    if (!empty($fw->getInterfaceMapping()['enc0'])) {
+    if (!empty(iterator_to_array($fw->getInterfaceMapping())['enc0'])) {
        $fw->registerFilterRule(5,
          array('direction' => 'out', 'statetype' => 'keep', 'quick' => false, 'interface' => 'enc0',
                'label' =>'IPsec internal host to host'),
--- a/src/etc/inc/plugins.inc.d/pf.inc
+++ b/src/etc/inc/plugins.inc.d/pf.inc
@ -125,7 +125,7 @@ function pf_firewall($fw)
    if (isset($config['filter']['bypassstaticroutes']) && isset($config['staticroutes']['route']) &&
        count($config['staticroutes']['route'])) {
        $ifdetails = legacy_interfaces_details();
-        $intf = $fw->getInterfaceMapping();
+        $intf = iterator_to_array($fw->getInterfaceMapping());
        $GatewaysList = return_gateways_array(false, true) + return_gateway_groups_array();

        foreach (get_staticroutes() as $route) {
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
@ -87,6 +87,7 @@ class Plugin
                $this->interfaceMapping[$key . '_stf']['ifconfig']['ipv6'] = $intf['ifconfig']['ipv6'];
                $this->interfaceMapping[$key . '_stf']['gatewayv6'] = $intf['gatewayv6'];
                $this->interfaceMapping[$key . '_stf']['descr'] = $intf['descr'];
+                $this->interfaceMapping[$key . '_stf']['is_IPv6_override'] = true;
                // link original interface
                $intf['IPv6_override'] = $key . '_stf';
            }
@ -180,6 +181,12 @@ class Plugin
     */
    public function getInterfaceMapping()
    {
+        foreach ($this->interfaceMapping as $intfkey => $intf) {
+            // suppress virtual ipv6 interfaces
+            if (empty($intf['is_IPv6_override'])) {
+                yield $intfkey => $intf;
+            }
+        }
        return $this->interfaceMapping;
    }