Bug #8360 » 8360.diff
| src/etc/inc/filter.inc | ||
|---|---|---|
| 3597 | 3597 |
} |
| 3598 | 3598 | |
| 3599 | 3599 |
$gw = get_interface_gateway($ifdescr); |
| 3600 |
if (is_ipaddrv4($gw) && is_ipaddrv4($ifcfg['ip'])) {
|
|
| 3600 |
if (is_ipaddrv4($gw) && is_ipaddrv4($ifcfg['ip']) && is_subnetv4("{$ifcfg['sa']}/{$ifcfg['sn']}")) {
|
|
| 3601 | 3601 |
$ipfrules .= "pass out {$log['pass']} route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} tracker {$increment_tracker($tracker)} keep state allow-opts label \"let out anything from firewall host itself\"\n";
|
| 3602 | 3602 |
if (is_array($ifcfg['vips'])) {
|
| 3603 | 3603 |
foreach ($ifcfg['vips'] as $vip) {
|
| ... | ... | |
| 3613 | 3613 |
$gwv6 = get_interface_gateway_v6($ifdescr); |
| 3614 | 3614 |
$stf = get_real_interface($ifdescr, "inet6"); |
| 3615 | 3615 |
$pdlen = 64 - calculate_ipv6_delegation_length($ifdescr); |
| 3616 |
if (is_ipaddrv6($gwv6) && is_ipaddrv6($ifcfg['ipv6'])) {
|
|
| 3616 |
if (is_ipaddrv6($gwv6) && is_ipaddrv6($ifcfg['ipv6']) && is_subnetv6("{$ifcfg['ipv6']}/{$pdlen}")) {
|
|
| 3617 | 3617 |
$ipfrules .= "pass out {$log['pass']} route-to ( {$stf} {$gwv6} ) inet6 from {$ifcfg['ipv6']} to !{$ifcfg['ipv6']}/{$pdlen} tracker {$increment_tracker($tracker)} keep state allow-opts label \"let out anything from firewall host itself\"\n";
|
| 3618 | 3618 |
if (is_array($ifcfg['vips6'])) {
|
| 3619 | 3619 |
foreach ($ifcfg['vips6'] as $vip) {
|