From eb5560d6a13a64978e9b94b74f3d79ab1b7c7c2f Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Thu, 10 Mar 2005 22:14:08 +0000 Subject: * Seperate PFSync settings into its own menu area. * Add IP address field for PFSync interface --- packages/carp_rules.php | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) (limited to 'packages/carp_rules.php') diff --git a/packages/carp_rules.php b/packages/carp_rules.php index eaf8464a..20fd5988 100644 --- a/packages/carp_rules.php +++ b/packages/carp_rules.php @@ -28,34 +28,25 @@ */ /* return if there are no carp configured items */ -//if($config['installedpackages']['carp']['config']) return; - +if($config['installedpackages']['carp']['config']) return; mwexec("/sbin/pfctl -a carp -Fr"); - /* carp records exist, lets process */ $wan_interface = get_real_wan_interface(); -$seen_sync_ints = array(); foreach($config['installedpackages']['carp']['config'] as $carp) { $ip = $carp['ipaddress']; $int = find_ip_interface($ip); $carp_int = find_carp_interface($ip); - $carp_sync_int = convert_friendly_interface_to_real_interface_name($carp['synciface']); add_rule_to_anchor("carp", "pass out quick on {$carp_int} keep state", $carp_int . "1"); - if($carp_sync_int <> "") { - $already_handled = 0; - foreach($seen_sync_ints as $si) { - if($si == $carp_sync_int) $already_handled = 1; - } - if($already_handled == 0) { - array_push($seen_sync_ints, $carp_sync_int); - add_rule_to_anchor("carp", "pass quick on {$carp_sync_int}", $carp_sync_int . "3"); - add_rule_to_anchor("carp", "pass quick on {$carp_sync_int} proto carp from {$carp_sync_int}:network to 224.0.0.18 keep state \(no-sync\)", $carp_sync_int . "2"); - } - } if($int <> false and $int <> $wan_interface) { $ipnet = convert_ip_to_network_format($ip, $carp['netmask']); $rule = "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n"; add_rule_to_anchor("natrules", $rule, $ip); } } +$carp_sync_int = convert_friendly_interface_to_real_interface_name($config['installedpackages']['carpsettings']['config']['pfsyncinterface']); +if($carp_sync_int <> "") { + add_rule_to_anchor("carp", "pass quick on {$carp_sync_int}", $carp_sync_int . "3"); + add_rule_to_anchor("carp", "pass quick on pfsync0", "pfsync0" . "3"); + add_rule_to_anchor("carp", "pass quick on {$carp_sync_int} proto carp from {$carp_sync_int}:network to 224.0.0.18 keep state \(no-sync\)", $carp_sync_int . "2"); +} -- cgit v1.2.3