From f49a10ca332206c5ae4fc3feeba2467ac57ea65d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fredrik=20R=C3=B6nnvall?=
Date: Sat, 9 Feb 2019 09:21:02 +0100
Subject: [PATCH] Allow access to this hosts configured VIPs
---
 .../service/templates/OPNsense/IPFW/ipfw.conf | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
index 8432a3c3e..913a1e277 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -111,6 +111,19 @@ add {{loop.index + 1000}} skipto 60000 icmp from any to { 255.255.255.255 or {{
 {% endif %}
 {% endfor %}
 
+#======================================================================================
+# Allow traffic to this hosts VIPs
+#======================================================================================
+{% for item in virtualip.vip %}
+{% if ':' not in item.subnet %}
+add {{loop.index + 2000}} skipto 60000 udp from any to {{ item.subnet }} dst-port 53 keep-state
+add {{loop.index + 2000}} skipto 60000 ip from any to { 255.255.255.255 or {{item.subnet}} } in
+add {{loop.index + 2000}} skipto 60000 ip from { 255.255.255.255 or {{item.subnet}} } to any out
+add {{loop.index + 2000}} skipto 60000 icmp from { 255.255.255.255 or {{item.subnet}} } to any out icmptypes 0
+add {{loop.index + 2000}} skipto 60000 icmp from any to { 255.255.255.255 or {{item.subnet}} } in icmptypes 8
+{% endif %}
+{% endfor %}
+
 {% for item in cp_interface_list %}
 #===================================================================================
 # zone {{item.zone}} ({{item.zoneid}}) / {{item.if}} configuration
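Review bot: The two `ip` rules in the new VIP loop (`skipto 60000 ip from any to { 255.255.255.255 or {{item.subnet}} } in` and its `out` twin) match every protocol and port, so the `icmptypes 0` and `icmptypes 8` rules that follow them under the same rule number can never be reached. The exemption is therefore much wider than the DNS and ping rules around it suggest. If `skipto 60000` jumps past the per-zone portal rules, as the numbering suggests but the hunk does not show, an unauthenticated client can reach every service bound to a VIP; the rules also carry no `via`/`recv` interface qualifier, and the loop takes every `virtualip.vip` entry regardless of its mode. If only name resolution and ping are meant to be exempt, drop the two `ip` lines; if full access is intended, say so in the section header, e.g. `# VIPs are reachable on all ports without portal login`, and remove the two unreachable ICMP lines. The `loop.index + 1000` loop that this block mirrors starts above the hunk, so whether it has the same shape cannot be confirmed from here.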