authorScott Ullrich <sullrich@pfsense.org>2008-01-31 06:19:51 +0000
committerScott Ullrich <sullrich@pfsense.org>2008-01-31 06:19:51 +0000
commit008da4cf1dfde46a9a1da0b1149ded8670282b85 (patch)
treeb4163cae8fa53fb0e423395746a0fd796c597bc2
parent2eaa947d175f5c6738a4836854ee028bf144b04b (diff)
downloadpfsense-008da4cf1dfde46a9a1da0b1149ded8670282b85.zip
pfsense-008da4cf1dfde46a9a1da0b1149ded8670282b85.tar.gz
Do not pass traffic on user proxy which can cause deadlocks in freebsd
-rw-r--r--etc/inc/filter.inc6
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 855b3fe..e5c7cd4 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2853,7 +2853,7 @@ EOD;
pass in quick on $lanif inet proto tcp from any to \$loopback port 8021 keep state label "FTP PROXY: Allow traffic to localhost"
pass in quick on $lanif inet proto tcp from any to \$loopback port 21 keep state label "FTP PROXY: Allow traffic to localhost"
-pass in quick on $wanif inet proto tcp from port 20 to ($wanif) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
+pass in quick on $wanif inet proto tcp from port 20 to ($wanif) port > 49000 flags S/SA keep state label "FTP PROXY: PASV mode data connection"
EOD;
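Review bot: Dropping `user proxy` from the PASV rule on the added line means the pass no longer depends on ftp-proxy owning the destination socket, so any listener on the firewall's WAN address above port 49000 is admitted as long as the peer uses source port 20, which the remote side controls. The same widening applies to the two "RFC959 violation workaround" rules in the hunks at 2879 and 2887, which accept `from any`. If the socket-owner match has to go to avoid the deadlock, consider bounding the destination to the port range ftp-proxy actually binds (not visible in this diff) instead of `port > 49000`. The trade-off should also be recorded in the generated ruleset, e.g. `# without "user proxy" this matches any local listener above 49000, not only ftp-proxy`. The heredoc starts outside the hunk, so the surrounding rules cannot be checked from here.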
@@ -2879,7 +2879,7 @@ EOD;
# be sourced from the command port - 1 (typically port 20)
# This workaround doesn't expose us to any extra risk as we'll still only allow
# connections to the firewall on a port that ftp-proxy is listening on
-pass in quick on $wanif inet proto tcp from any to ($wanif) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: RFC959 violation workaround"
+pass in quick on $wanif inet proto tcp from any to ($wanif) port > 49000 flags S/SA keep state label "FTP PROXY: RFC959 violation workaround"
EODEOD;
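Review bot: The comment kept as context above this rule still says the workaround adds no extra risk because connections are only allowed to a port that ftp-proxy is listening on, but that guarantee came from the `user proxy` match that the added line removes. With the new rule the comment is inaccurate and should be reworded, for example `# Without a socket-owner match this admits WAN connections to any firewall listener above port 49000`. The comment block begins outside the hunk, so its opening lines may need the same adjustment.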
@@ -2887,7 +2887,7 @@ EODEOD;
generate_optcfg_array($optcfg);
foreach($optcfg as $oc) {
if($oc['gateway'] <> "")
- $ipfrules .= "pass in quick on {$oc['if']} inet proto tcp from any to ({$oc['if']}) port > 49000 user proxy flags S/SA keep state label \"FTP PROXY: RFC959 violation workaround\" \n";
+ $ipfrules .= "pass in quick on {$oc['if']} inet proto tcp from any to ({$oc['if']}) port > 49000 flags S/SA keep state label \"FTP PROXY: RFC959 violation workaround\" \n";
}
}
}