lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 16:44:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall: append missing link-local to inet6 :network selector #5528

Browse Source
This commit is contained in:
Franco Fichtner 2022-06-30 08:43:41 +02:00
parent 5cb6a89503
commit c7e67c6752
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
View File

@ -1,7 +1,7 @@
<?php
/*
* Copyright (C) 2017 Deciso B.V.
* Copyright (C) 2017-2022 Deciso B.V.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -246,15 +246,19 @@ abstract class Rule
$rule[$target] = 'any';
} elseif (!empty($rule[$tag]['network'])) {
$network_name = $rule[$tag]['network'];
$matches = "";
$matches = '';
if ($network_name == '(self)') {
$rule[$target] = "(self)";
$rule[$target] = $network_name;
} elseif (preg_match("/^(wan|lan|opt[0-9]+)ip$/", $network_name, $matches)) {
if (!empty($interfaces[$matches[1]]['if'])) {
$rule[$target] = "({$interfaces["{$matches[1]}"]['if']})";
$rule[$target] = "({$interfaces[$matches[1]]['if']})";
}
} elseif (!empty($interfaces[$network_name]['if'])) {
$rule[$target] = "({$interfaces[$network_name]['if']}:network)";
if ($rule['ipprotocol'] == 'inet6') {
/* historically pf(4) excludes link-local on :network to avoid anti-spoof overlap */
$rule[$target] .= ',fe80::/10';
}
} elseif (Util::isIpAddress($rule[$tag]['network']) || Util::isSubnet($rule[$tag]['network'])) {
$rule[$target] = $rule[$tag]['network'];
} elseif (Util::isAlias($rule[$tag]['network'])) {