firewall: fixup prio texts and enable relevant sysctl for FreeBSD 13

It only reads or writes VLAN header priority code points. While here inline the forwarding sysctls instead of setting them all the time. PR: https://forum.opnsense.org/index.php?topic=24756.0
opnsense · Sep 15, 2021 · d2291d2 · d2291d2
1 parent 35ec0ae
commit d2291d2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
@@ -90,6 +90,7 @@ function get_default_sysctl_value($id)
         'net.inet.icmp.log_redirect' => '0',
         'net.inet.icmp.reply_from_interface' => '1',
         'net.inet.ip.accept_sourceroute' => '0',
+        'net.inet.ip.forwarding' => '1',
         'net.inet.ip.intr_queue_maxlen' => '1000',
         'net.inet.ip.portrange.first' => '1024',
         'net.inet.ip.random_id' => '1',
@@ -106,6 +107,7 @@ function get_default_sysctl_value($id)
         'net.inet.udp.blackhole' => '1',
         'net.inet.udp.checksum' => 1,
         'net.inet.udp.maxdgram' => '57344',
+        'net.inet6.ip6.forwarding' => '1',
         'net.inet6.ip6.prefer_tempaddr' => '0',
         'net.inet6.ip6.redirect' => '1',
         'net.inet6.ip6.use_tempaddr' => '0',
@@ -114,6 +116,7 @@ function get_default_sysctl_value($id)
         'net.link.bridge.pfil_member' => '1',
         'net.link.bridge.pfil_onlyip' => '0',
         'net.link.tap.user_open' => '1',
+        'net.link.vlan.mtag_pcp' => '1',
         'net.local.dgram.maxdgram' => '8192',
         'security.bsd.see_other_gids' => '0',
         'security.bsd.see_other_uids' => '0',
@@ -140,6 +143,9 @@ function system_sysctl_get()
         'net.enc.out.ipsec_bpf_mask' => 'default',
         'net.enc.out.ipsec_filter_mask' => 'default',
         'net.inet.icmp.reply_from_interface' => 'default',
+        'net.inet.ip.forwarding' => 'default',
+        'net.inet6.ip6.forwarding' => 'default',
+        'net.link.vlan.mtag_pcp' => 'default',
         'net.local.dgram.maxdgram' => 'default',
     );
 
@@ -509,11 +515,6 @@ function system_routing_configure($verbose = false, $interface = '')
 
     system_staticroutes_configure($interface);
 
-    set_sysctl(array(
-        'net.inet.ip.forwarding' => '1',
-        'net.inet6.ip6.forwarding' => '1',
-    ));
-
     if ($verbose) {
         echo "done.\n";
     }

diff --git a/src/www/firewall_rules_edit.php b/src/www/firewall_rules_edit.php
@@ -1415,7 +1415,7 @@ function is_posnumericint($arg) {
                               </tr>
                           </table>
                           <div class="hidden" data-for="help_for_set-prio">
-                              <?= gettext('Set the priority of packets matching this rule. If both priorities are set here, packets with a TOS of "lowdelay" or TCP ACKs with no data payload will be assigned the latter. If the packets are transmitted on a VLAN interface, the queueing priority will be written as the priority code point in the 802.1Q VLAN header.') ?>
+                              <?= gettext('Set the priority code point in a 802.1Q VLAN header of packets matching this rule. If both priorities are set here, packets with a TOS of "lowdelay" or TCP ACKs with no data payload will be assigned the latter.') ?>
                           </div>
                     </td>
                   </tr>
@@ -1429,7 +1429,7 @@ function is_posnumericint($arg) {
 <?php endforeach ?>
                         </select>
                         <div class="hidden" data-for="help_for_prio">
-                          <?=gettext('Match on the priority of packets.');?>
+                          <?=gettext('Only match packets which have the given queueing priority assigned.');?>
                         </div>
                       </td>
                   </tr>