Revision 7d5b8f4a
Added by Seth Mos over 18 years ago
| etc/inc/filter.inc | ||
|---|---|---|
| 2635 | 2635 |
for($x=0; $x<100; $x++) {
|
| 2636 | 2636 |
if(does_interface_exist("tun{$x}") == true) {
|
| 2637 | 2637 |
$rule .="pass out quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
|
| 2638 |
$rule .="pass in quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
|
|
| 2638 |
$friendlytunif = convert_real_interface_to_friendly_interface_name("tun{$x}");
|
|
| 2639 |
/* If the interface has a gateway we do not add a pass in rule. */ |
|
| 2640 |
/* Some people use a TUN tunnel with public IP as a Multiwan interface */ |
|
| 2641 |
if(isset($config['interfaces'][$friendlytunif]['gateway'])) {
|
|
| 2642 |
$rule .= "# Not adding default pass in rule for interface $friendlytunif - tun{$x} with a gateway!";
|
|
| 2643 |
} else {
|
|
| 2644 |
$rule .="pass in quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
|
|
| 2645 |
} |
|
| 2639 | 2646 |
} |
| 2640 | 2647 |
} |
| 2641 | 2648 |
for($x=0; $x<100; $x++) {
|
| 2642 | 2649 |
if(does_interface_exist("tap{$x}") == true) {
|
| 2643 | 2650 |
$rule .="pass out quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
|
| 2644 |
$rule .="pass in quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
|
|
| 2651 |
$friendlytapif = convert_real_interface_to_friendly_interface_name("tap{$x}");
|
|
| 2652 |
/* If the interface has a gateway we do not add a pass in rule. */ |
|
| 2653 |
/* Some people use a TAP tunnel with public IP as a Multiwan interface */ |
|
| 2654 |
if(isset($config['interfaces'][$friendlytapif]['gateway'])) {
|
|
| 2655 |
$rule .= "# Not adding default pass in rule for interface $friendlytapif - tap{$x} with a gateway!";
|
|
| 2656 |
} else {
|
|
| 2657 |
$rule .="pass in quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
|
|
| 2658 |
} |
|
| 2645 | 2659 |
} |
| 2646 | 2660 |
} |
| 2647 | 2661 |
|
Also available in: Unified diff
Do no install default pass in rules for openvpn interfaces with a
gateway.