authorChris Buechler <cmb@pfsense.org>2009-12-18 22:20:44 -0500
committerChris Buechler <cmb@pfsense.org>2009-12-18 22:20:44 -0500
commite91baab820fda7944e9a2153c8b79e90c63b968c (patch)
tree6478cd13580846464d1179f241cfac1231b788b5
parenta29dc11b12814a245e07321fb6ce3297157f447d (diff)
fix reject rules to the same as in 1_2. return is valid on all rules
-rw-r--r--etc/inc/filter.inc13
-rwxr-xr-xusr/local/www/firewall_rules.php5
-rwxr-xr-xusr/local/www/firewall_rules_edit.php2
3 files changed, 4 insertions, 16 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 692d8e3..08b2e92 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1361,16 +1361,7 @@ function filter_generate_user_rule($rule)
$type = "pass ";
}
if ($type == "reject") {
- /* special reject packet */
- if ($rule['protocol'] == "tcp") {
- $aline['type'] = "block return-rst ";
- } else if ($rule['protocol'] == "udp") {
- $aline['type'] = "block return-icmp ";
- } else if ($rule['protocol'] == "tcp/udp") {
- $aline['type'] = "block return ";
- } else {
- $aline['type'] = "block ";
- }
+ $aline['type'] = "block return ";
} else
$aline['type'] = $type . " ";
if (isset($rule['floating']) && $rule['floating'] == "yes") {
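Review bot: With the per-protocol branches removed, a reject rule whose protocol is neither TCP nor UDP now produces `block return ` where it previously fell through to a silent `block `, so existing configurations with such rules will start answering matched packets after an upgrade. As pf documents it, `return` sends a TCP RST for TCP and an ICMP unreachable for other traffic, which means the firewall now replies to whatever source address the packet carried; on Internet-facing interfaces that should be a deliberate choice. I would record this beside the assignment, e.g. `/* block return: RST for TCP, ICMP unreachable otherwise; the firewall answers the sender */`, and mention the behaviour change in the release notes. filter_generate_user_rule() begins and ends outside this hunk.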
@@ -2406,4 +2397,4 @@ EOD;
return($ipfrules);
}
-?>
+?> \ No newline at end of file
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 380a003..2d67fd5 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -369,10 +369,7 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<?php if ($filterent['type'] == "block")
$iconfn = "block";
else if ($filterent['type'] == "reject") {
- if ($filterent['protocol'] == "tcp" || $filterent['protocol'] == "udp" || $filterent['protocol'] == "tcp/udp")
- $iconfn = "reject";
- else
- $iconfn = "block";
+ $iconfn = "reject";
} else
$iconfn = "pass";
if (isset($filterent['disabled'])) {
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 1cb0c46..31cc90e 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -529,7 +529,7 @@ include("head.inc");
<br/>
<span class="vexpl">
Choose what to do with packets that match the criteria specified below. <br/>
- Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded. Reject only works when the protocol is set to either TCP or UDP (but not &quot;TCP/UDP&quot;) below.
+ Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.
</span>
</td>
</tr>
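Review bot: The shortened hint still names only "TCP RST or ICMP port unreachable for UDP", although this commit makes reject apply to rules of any protocol. It no longer tells the reader what is returned for ICMP or other protocols; if pf's `return` behaves as documented, wording such as `a packet (TCP RST for TCP, ICMP unreachable for UDP and other protocols) is returned to the sender` would match the generated rule. One further sentence noting that reject makes the firewall respond to the sender, so block is the quieter choice on untrusted interfaces, would help users choose between the two.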