Revision cb0a23f2
Added by Jim Pingle over 4 years ago
| src/etc/inc/system.inc | ||
|---|---|---|
| 102 | 102 |
} |
| 103 | 103 |
|
| 104 | 104 |
function activate_sysctls() {
|
| 105 |
global $config, $g, $sysctls; |
|
| 105 |
global $config, $g, $sysctls, $ipsec_filter_sysctl; |
|
| 106 |
|
|
| 107 |
if (!is_array($sysctls)) {
|
|
| 108 |
$sysctls = array(); |
|
| 109 |
} |
|
| 110 |
|
|
| 111 |
$ipsec_filtermode = empty($config['ipsec']['filtermode']) ? 'enc' : $config['ipsec']['filtermode']; |
|
| 112 |
$sysctls = array_merge($sysctls, $ipsec_filter_sysctl[$ipsec_filtermode]); |
|
| 106 | 113 |
|
| 107 | 114 |
if (is_array($config['sysctl']) && is_array($config['sysctl']['item'])) {
|
| 108 | 115 |
foreach ($config['sysctl']['item'] as $tunable) {
|
Also available in: Unified diff
Add option to set IPsec filtering mode. Implements #11395
User can choose between filtering enc (tunnel+VTI) or filtering on
assigned VTI interface tabs (VTI only, drops all tunnel mode traffic).
See https://redmine.pfsense.org/issues/11395 for details.