summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2011-08-30 16:18:29 +0000
committerErmal <eri@pfsense.org>2011-08-30 16:18:29 +0000
commitcde671805cccb380e60acb35374a23d3a7f48a99 (patch)
tree9216ff16437d74549d011085e0e5496f39a3cdd6
parentfcf07bb76fb58556bee76f4e3898ee769b2785d5 (diff)
downloadpfsense-cde671805cccb380e60acb35374a23d3a7f48a99.zip
pfsense-cde671805cccb380e60acb35374a23d3a7f48a99.tar.gz
Make the webConfigurator lockout rule to catch even edp protocol so that xmlrpc bruteforce is caught as well.
-rw-r--r--etc/inc/filter.inc2
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 18e5067..3e1a40b 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2129,7 +2129,7 @@ EOD;
$webConfiguratorlockoutport = $config['system']['webgui']['port'];
}
if($webConfiguratorlockoutport)
- $ipfrules .= "block in log quick proto tcp from <webConfiguratorlockout> to any port {$webConfiguratorlockoutport} label \"webConfiguratorlockout\"\n";
+ $ipfrules .= "block in log quick proto { tcp udp } from <webConfiguratorlockout> to any port {$webConfiguratorlockoutport} label \"webConfiguratorlockout\"\n";
/*
* Support for allow limiting of TCP connections by establishment rate
OpenPOWER on IntegriCloud