Diffstat (limited to 'packages')
-rw-r--r-- | packages/carp_rules.php | 70 |
1 files changed, 34 insertions, 36 deletions
diff --git a/packages/carp_rules.php b/packages/carp_rules.php
index adf4f387..6a8b2009 100644
--- a/packages/carp_rules.php
+++ b/packages/carp_rules.php
@@ -28,40 +28,38 @@ */ /* return if there are no carp configured items */ -//if($config['installedpackages']['carp']['config']) return; - -mwexec("/sbin/pfctl -a carp -Fr"); - -/* carp records exist, lets process */ -$wan_interface = get_real_wan_interface(); - -$i = 0; -$ifdescrs = array('wan', 'lan'); -for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { - $ifdescrs['opt' . $j] = "opt" . $j; -} -foreach ($ifdescrs as $ifdescr => $ifname) { - $interface = convert_friendly_interface_to_real_interface_name($ifname); - add_rule_to_anchor("carp", "pass quick on {$interface} proto carp keep state", $interface . "carp41"); -} - -foreach($config['installedpackages']['carp']['config'] as $carp) { - $ip = $carp['ipaddress']; - $int = find_ip_interface($ip); - $carp_int = find_carp_interface($ip); - add_rule_to_anchor("carp", "pass quick on {$carp_int} proto carp from {$carp_int}:network to 224.0.0.18 keep state \(no-sync\)", $carp_int . "24"); - add_rule_to_anchor("carp", "pass out quick on {$carp_int} keep state", $carp_int . "1"); - add_rule_to_anchor("carp", "pass quick on {$carp_int} proto carp keep state", $carp_int . "41"); - if($int <> false and $int <> $wan_interface) { - $ipnet = convert_ip_to_network_format($ip, $carp['netmask']); - $rule = "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n"; - add_rule_to_anchor("natrules", $rule, $ip); +if($config['installedpackages']['carp']['config'] <> "") { + mwexec("/sbin/pfctl -a carp -Fr"); + /* carp records exist, lets process */ + $wan_interface = get_real_wan_interface(); + $i = 0; + $ifdescrs = array('wan', 'lan'); + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { + $ifdescrs['opt' . $j] = "opt" . $j; } -} -add_rule_to_anchor("carp", "pass quick on pfsync0 keep state", "pfsync0" . 
"3"); -foreach($config['installedpackages']['carpsettings']['config'] as $carp) -$carp_sync_int = convert_friendly_interface_to_real_interface_name($carp['pfsyncinterface']); -if($carp_sync_int <> "") { - add_rule_to_anchor("carp", "pass quick on {$carp_sync_int} keep state", $carp_sync_int . "3"); -} - + foreach ($ifdescrs as $ifdescr => $ifname) { + $interface = convert_friendly_interface_to_real_interface_name($ifname); + add_rule_to_anchor("carp", "pass quick on {$interface} proto carp keep state", $interface . "carp41"); + } + if($config['installedpackages']['carp']['config'] <> "") + foreach($config['installedpackages']['carp']['config'] as $carp) { + $ip = $carp['ipaddress']; + $int = find_ip_interface($ip); + $carp_int = find_carp_interface($ip); + add_rule_to_anchor("carp", "pass quick on {$carp_int} proto carp from {$carp_int}:network to 224.0.0.18 keep state \(no-sync\)", $carp_int . "24"); + add_rule_to_anchor("carp", "pass out quick on {$carp_int} keep state", $carp_int . "1"); + add_rule_to_anchor("carp", "pass quick on {$carp_int} proto carp keep state", $carp_int . "41"); + if($int <> false and $int <> $wan_interface) { + $ipnet = convert_ip_to_network_format($ip, $carp['netmask']); + $rule = "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n"; + add_rule_to_anchor("natrules", $rule, $ip); + } + } + add_rule_to_anchor("carp", "pass quick on pfsync0 keep state", "pfsync0" . "3"); + if($config['installedpackages']['carp']['config'] <> "") + foreach($config['installedpackages']['carpsettings']['config'] as $carp) + $carp_sync_int = convert_friendly_interface_to_real_interface_name($carp['pfsyncinterface']); + if($carp_sync_int <> "") { + add_rule_to_anchor("carp", "pass quick on {$carp_sync_int} keep state", $carp_sync_int . "3"); + } +}
\ No newline at end of file |
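Review bot: The anchor flush `mwexec("/sbin/pfctl -a carp -Fr");` now sits inside the outer `if($config['installedpackages']['carp']['config'] <> "")` block, so once the last CARP entry is removed the script no longer clears the anchor. Unless the `carp` anchor is flushed somewhere outside this file, the previously loaded `pass quick ... keep state` rules stay active after the configuration that justified them is gone. Keeping the flush above the guard would clear them on every run. Separately, the guard in front of the `carpsettings` loop tests the wrong key and should read `if($config['installedpackages']['carpsettings']['config'] <> "")`. With `$carp_sync_int = "";` set before that loop, the following `if($carp_sync_int <> "")` would never read an undefined variable.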