lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-17 01:54:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall: also exclude reply-to and route-to

Browse Source 
PR: https://forum.opnsense.org/index.php?topic=29554.0
This commit is contained in:
Franco Fichtner 2022-07-31 13:08:16 +02:00
parent c21cafa924
commit b5bda2bda4
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
View File

@ -255,9 +255,11 @@ abstract class Rule
}
} elseif (!empty($interfaces[$network_name]['if'])) {
$rule[$target] = "({$interfaces[$network_name]['if']}:network)";
if ($rule['ipprotocol'] == 'inet6' && $this instanceof FilterRule && $rule['interface'] == $network_name) {
/* historically pf(4) excludes link-local on :network to avoid anti-spoof overlap */
$rule[$target] .= ',fe80::/10';
if ($rule['ipprotocol'] == 'inet6' && $rule['interface'] == $network_name) {
if ($this instanceof FilterRule && empty($rule['gateway']) && empty($rule['reply'])) {
/* historically pf(4) excludes link-local on :network to avoid anti-spoof overlap */
$rule[$target] .= ',fe80::/10';
}
}
} elseif (Util::isIpAddress($rule[$tag]['network']) || Util::isSubnet($rule[$tag]['network'])) {
$rule[$target] = $rule[$tag]['network'];