diff options
| author | Ermal Luçi <eri@pfsense.org> | 2008-02-01 21:58:21 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2008-02-01 21:58:21 +0000 |
| commit | 23ffac28fa63428cba69c4a29d1012e506bd7058 (patch) | |
| tree | 79dae8f8bc06d7a7f4c62cc3a7ecc4cbb78f1c4d | |
| parent | 448f4e112882bfad248af442766ad1f8654f61b3 (diff) | |
| download | pfsense-23ffac28fa63428cba69c4a29d1012e506bd7058.zip pfsense-23ffac28fa63428cba69c4a29d1012e506bd7058.tar.gz | |
Add defualt pass rule on lan interface and remove it from config.
It is a default policy so lets keep it with defaults and let the user override it when pleases.
| -rw-r--r-- | etc/inc/filter.inc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 640e2c4..ae33a5e 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2328,6 +2328,11 @@ function filter_rules_generate() { block in $log all label "Default deny rule" block out $log all label "Default deny rule" +#-------------------------------------------------------------------------- +# default LAN pass rule +#-------------------------------------------------------------------------- +pass in on \$lan from $lan:network to any keep state + # We use the mighty pf, we cannot be fooled. block quick proto { tcp, udp } from any port = 0 to any block quick proto { tcp, udp } from any to any port = 0 |
