From 894a0159a011a68df51f3d58df638b7db484899c Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 10 Nov 2014 17:03:43 +0100 Subject: [PATCH] Tighten checks here to avoid overriding the default gw with garbage --- etc/inc/gwlb.inc | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index c2c61d066..e0d4c2dc5 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -732,7 +732,8 @@ function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr) { * NOTE: The code below is meant to replace the default gateway when it goes down. * This facilitates services running on pfSense itself and are not handled by a PBR to continue working. */ - $upgw = ""; + $upgw = ''; + $dfltgwname = ''; $dfltgwdown = false; $dfltgwfound = false; foreach ($gateways_arr as $gwname => $gwsttng) { @@ -766,15 +767,14 @@ function fixup_default_gateway($ipprotocol, $gateways_status, $gateways_arr) { } mwexec("/sbin/route change {$inetfamily} default {$gateways_arr[$upgw]['gateway']}"); } - } else { + } else if (!empty($dftgwname)) { $defaultgw = trim(exec("/sbin/route -n get -{$ipprotocol} default | /usr/bin/awk '/gateway:/ {print $2}'"), " \n"); - if(is_ipaddrv6($gateways_arr[$dfltgwname]['gateway'])) { - $inetfamily = "-inet6"; - } else { - $inetfamily = "-inet"; - } + if ($ipprotocol == 'inet6' && !is_ipaddrv6($gateways_arr[$dfltgwname]['gateway'])) + return; + if ($ipprotocol == 'inet' && !is_ipaddrv4($gateways_arr[$dfltgwname]['gateway'])) + return; if ($defaultgw != $gateways_arr[$dfltgwname]['gateway']) - mwexec("/sbin/route change {$inetfamily} default {$gateways_arr[$dfltgwname]['gateway']}"); + mwexec("/sbin/route change -{$ipprotocol} default {$gateways_arr[$dfltgwname]['gateway']}"); } }