diff options
| author | Ermal Luçi <eri@pfsense.org> | 2009-10-08 21:56:18 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2009-10-08 21:56:18 +0000 |
| commit | 77514a75122de47e6f877a3f80d7ae54c24270f8 (patch) | |
| tree | 18094e17d9fe7b616b10de7eb32a68073e39decc | |
| parent | 0ee17602a5e26f88b8ebef47d9743cdc1702735e (diff) | |
| download | pfsense-77514a75122de47e6f877a3f80d7ae54c24270f8.zip pfsense-77514a75122de47e6f877a3f80d7ae54c24270f8.tar.gz | |
Do not use state on the CP authentication port. This is necessary since the fwd from layer 2 being done with the latest code will break the mechanism that pf keeps state.
| -rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 5b2da51..a5eb633 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1584,7 +1584,7 @@ function filter_rules_generate() if (count($cpiplist) > 0 && count($cpiflist) > 0) { $cpinterface = implode(" ", $cpiflist); $cpaddresses = implode(" ", $cpiplist); - $ipfrules .= "pass in quick on {$cpinterface} proto tcp from any to {$cpaddresses} port { 8000 8001 } keep state\n"; + $ipfrules .= "pass in quick on {$cpinterface} proto tcp from any to {$cpaddresses} port { 8000 8001 } no state\n"; } } /* relayd */ @@ -2312,4 +2312,4 @@ EOD; return($ipfrules); } -?>
\ No newline at end of file +?> |
