Filter, automatic rules. "let out anything from firewall host itself (force gw)" not visible, since it's not bound to the interface. Although we might want to show all rules without interface as well, the gateway rule belongs to the interface, as the interface address is used as from address
parent
521b740338
commit
f8d5c01a6f
@ -573,7 +573,7 @@ function filter_core_rules_system($fw, $defaults)
|
||||
// Our default setting has been to force traffic leaving a specific interface to use the associated gateway.
|
||||
// This behaviour can be disabled, so settings can be customized using manual firewall rules.
|
||||
if (empty($config['system']['pf_disable_force_gw'])) {
|
||||
foreach ($fw->getInterfaceMapping() as $ifdescr => $ifcfg) {
|
||||
foreach ($fw->getInterfaceMapping() as $intf => $ifcfg) {
|
||||
if (!isset($ifcfg['internal_dynamic']) && $ifcfg['if'] != 'lo0') {
|
||||
$intf_has_v4 = false;
|
||||
$intf_has_v6 = false;
|
||||
@ -588,11 +588,9 @@ function filter_core_rules_system($fw, $defaults)
|
||||
if (($gwproto == 'inet' && $intf_has_v4) || ($gwproto == 'inet6' && $intf_has_v6)) {
|
||||
$fw->registerFilterRule(
|
||||
100000,
|
||||
array('from' => $ifcfg['if'], 'direction' => 'out', 'gateway' => $gwname,
|
||||
'destination' => array('network'=> $ifdescr, "not" => true),
|
||||
'statetype' => 'keep',
|
||||
'allowopts' => true,
|
||||
'quick' => false,
|
||||
array('interface'=> $intf, 'from' => $ifcfg['if'], 'direction' => 'out',
|
||||
'destination' => array('network'=> $intf, "not" => true),
|
||||
'statetype' => 'keep', 'allowopts' => true, 'quick' => false, 'gateway' => $gwname,
|
||||
'#ref' => 'system_advanced_firewall.php#pf_disable_force_gw',
|
||||
'descr' => "let out anything from firewall host itself (force gw)"),
|
||||
$defaults['pass']
|
||||
|
||||
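Review bot: Adding `'interface' => $intf` to the force-gw rule in the second hunk may narrow which packets the rule matches, not only where the rule is listed. The previous array had no `interface` key, so the rule was presumably evaluated for traffic leaving on any interface; if `registerFilterRule` renders the new key as an interface match, a packet sourced from this interface's address but sent out another interface by the routing table would no longer be steered to `$gwname`. That is worth confirming on a multi-gateway setup before relying on it, since the commit message only describes a visibility change. If the narrowing is intended, a comment above the call would record it, e.g. `// bound to $intf: only traffic already leaving this interface is forced to its gateway`. The body of filter_core_rules_system continues outside both hunks, so how the rule is emitted is not visible here.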