Commit 8e3d1763 authored by Ad Schellevis's avatar Ad Schellevis

(filter) move DHCPv6 client rules

parent 0b413175
......@@ -2530,20 +2530,6 @@ function filter_rules_generate(&$FilterIflist)
foreach ($FilterIflist as $on => $oc) {
if (isset($config['system']['ipv6allow']) && isset($oc['type6']) && ($oc['type6'] == "slaac" || $oc['type6'] == "dhcp6")) {
$ipfrules .= <<<EOD
# allow our DHCPv6 client out to the {$oc['descr']}
pass in {$log['pass']} quick on \${$oc['descr']} proto udp from fe80::/10 port = 546 to fe80::/10 port = 546 label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 547 to any port = 546 label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
pass out {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 label "{$fix_rule_label("allow dhcpv6 client out {$oc['descr']}")}"
EOD;
}
switch (isset($oc['type']) ? $oc['type'] : null) {
case "pptp":
$ipfrules .= <<<EOD
......
......@@ -149,4 +149,25 @@ function filter_core_rules_system($fw, $defaults)
);
}
// interface configuration per type
foreach ($fw->getInterfaceMapping() as $intf => $intfinfo) {
// allow DHCPv6 client out
if (isset($config['system']['ipv6allow']) && in_array($intfinfo['ipaddrv6'], array("slaac","dhcp6"))) {
$fw->registerFilterRule(5,
array('protocol' => 'udp', 'from' => 'fe80::/10', 'from_port' => 546, 'to' => 'fe80::/10',
'interface' => $intf, 'to_port' => 546, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(5,
array('protocol' => 'udp', 'from_port' => 547,'to_port' => 546, 'direction' => 'in',
'interface' => $intf, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
$defaults['pass']
);
$fw->registerFilterRule(5,
array('protocol' => 'udp', 'from_port' => 546,'to_port' => 547, 'direction' => 'out',
'interface' => $intf, 'label' =>'allow dhcpv6 client in ' . $intfinfo['descr']),
$defaults['pass']
);
}
}
}
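Review bot: The third `registerFilterRule` call, the one with `'direction' => 'out'`, reuses the label `'allow dhcpv6 client in '`, while the pf rule it replaces was labelled "allow dhcpv6 client out"; anyone tracing a match by rule label would see outbound client traffic attributed to an inbound rule. I would change that line to `'interface' => $intf, 'label' => 'allow dhcpv6 client out ' . $intfinfo['descr']),`. The first call (fe80::/10, port 546 to port 546) has no `'direction'` key although the removed rule was `pass in`; unless `registerFilterRule` defaults to inbound, which the hunk does not show, this pass rule matches more than before, so `'direction' => 'in'` should be set explicitly. `filter_core_rules_system` starts outside the hunk, so it is not visible whether `$config` is declared `global` there; if it is not, the `ipv6allow` check never passes and the DHCPv6 client rules are silently omitted.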