diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-04 00:25:01 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-04 00:25:01 +0000 |
commit | bd4469ce7040095cb7f3c971019264c91dd1bbf9 (patch) | |
tree | be3004773c8ed6eb0783bb339376cb336311bcb7 | |
parent | 65465a3ce2b0e17c0cc0b8556a7bab30150169bf (diff) | |
download | pfsense-bd4469ce7040095cb7f3c971019264c91dd1bbf9.zip pfsense-bd4469ce7040095cb7f3c971019264c91dd1bbf9.tar.gz |
Move ssh-disable rule to end of the ruleset.
-rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 3403374..39ff5e9 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -918,8 +918,6 @@ function filter_rules_generate() { # BEGIN OF firewall rules $ipfrules="anchor \"firewallrules\"\n"; - $ipfrules .= "block in log quick from <sshlockout> to any 22 label \"sshlockout\"\n\n"; - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $oc = $config['interfaces']['opt' . $i]; @@ -1550,6 +1548,8 @@ EOD; $ipfrules .= $line; } + $ipfrules .= "block in log quick from <sshlockout> to any 22 label \"sshlockout\"\n\n"; + $i++; } @@ -1638,9 +1638,9 @@ function create_firewall_outgoing_rules_to_itself() { if($config['interfaces'][$ifname]['ipaddr'] != "") $rule .="pass out quick on {$int} inet from {$int} to any keep state\n"; else - $rule .="pass out quick on {$int} inet from ({$int}) to any keep state\n"; + $rule .="pass out quick on {$int} inet from ({$int}) to any keep state\n"; } - + } return $rule; } |