* Add denyinterfaces option.

* Deny WAN by default

2 files changed, 22 insertions, 0 deletions

diff --git a/packages/avahi/avahi.inc b/packages/avahi/avahi.inc
index 364ded51..ccbc2589 100644
--- a/packages/avahi/avahi.inc
+++ b/packages/avahi/avahi.inc
@@ -55,6 +55,7 @@ function setup_avahi() {
 	$domain = $config['system']['domain'];
 	$enable = $config['installedpackages']['avahi']['config'][0]['enable'];
 	$browsedomains = $config['installedpackages']['avahi']['config'][0]['browsedomains'];
+	$denyif = $config['installedpackages']['avahi']['config'][0]['denyinterfaces'];
 
 	// Is package disabled?
 	if(!$enable) {
@@ -70,6 +71,19 @@ function setup_avahi() {
 	if(!$browsedomains)
 		$browsedomains = "local, 0pointer.de, zeroconf.org";
 
+	// Never pass along WAN.  Bad.
+	$denyinterfaces = $config['interfaces']['wan']['if'];
+
+	// Process interfaces defined by user to deny.
+	if($denyif) {
+		$if = split(",", $denyif);
+		foreach($if as $i) {
+			$ifreal = convert_friendly_interface_to_real_interface_name($i);
+			if($ifreal)
+				$denyinterfaces .= ", " . $ifreal;
+		}
+	}
+
 	// Construct the avahi configuration
 	$avahiconfig   = <<<EOF
 
@@ -81,6 +95,7 @@ function setup_avahi() {
 host-name={$hostname}
 domain-name={$domain}
 browse-domains={$browsedomains}
+deny-interfaces={$denyinterfaces}
 use-ipv4=yes
 use-ipv6=no
 enable-dbus=no
diff --git a/packages/avahi/avahi.xml b/packages/avahi/avahi.xml
index d393fc50..4d27a9db 100644
--- a/packages/avahi/avahi.xml
+++ b/packages/avahi/avahi.xml
@@ -68,6 +68,13 @@
 			<description>Enter the domains that you would like proxied. (example: local, pfsense.org, mydomain.com)</description>
 			<type>input</type>
 		</field>
+		<field>
+			<fielddescr>Deny interfaces</fielddescr>
+			<fieldname>denyinterfaces</fieldname>
+			<description>Interfaces that you do NOT want Avahi to listen on.  NOTE: WAN is disabled by default.</description>
+			<type>interfaces_selection</type>
+			<multiple>true</multiple>
+		</field>
 	</fields>
 	<custom_add_php_command>
 		setup_avahi();