author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-22 03:39:52 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-22 03:39:52 +0000 |
commit | 4c359b669cf6f7c9e15b4f4c28d1c869b233e984 (patch) | |
tree | c3940ca1bccdb108ed37461e02225e9680604803 | |
parent | 9c4906ff432ba11869c166aa3954893cfbb085e1 (diff) | |
download | pfsense-4c359b669cf6f7c9e15b4f4c28d1c869b233e984.zip pfsense-4c359b669cf6f7c9e15b4f4c28d1c869b233e984.tar.gz |
* Label the outgoing rules
* Do not duplicate outgoing rules
* Move the outgoing rules to the correct location
-rw-r--r-- | etc/inc/filter.inc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 91afc78..a7801ac 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1002,8 +1002,6 @@ function filter_rules_generate() { $ipfrules .= "pass out quick on " . $wanif . " inet proto tcp from ($wanif) to any port www flags S/SA keep state label \"transparent proxy\"\n"; } - $ipfrules .= create_firewall_outgoing_rules_to_itself(); - $ipfrules .= <<<EOD # loopback
@@ -1200,10 +1198,12 @@ EOD; $ipfrules .= <<<EOD # let out anything from the firewall host itself and decrypted IPsec traffic -pass out quick on $wanif all keep state label "let out anything from firewall host itself" +# pass out quick on $wanif all keep state label "let out anything from firewall host itself" EOD; + $ipfrules .= create_firewall_outgoing_rules_to_itself(); + /* group heads for optional interfaces */ foreach ($optcfg as $on => $oc) {
@@ -1709,9 +1709,9 @@ function create_firewall_outgoing_rules_to_itself() { //$rule .="pass out quick on {$int} {$replyto} all keep state\n"; /* XXX - billm: temp fix for pppoe, needs better fix */ if($config['interfaces'][$ifname]['ipaddr'] != "") - $rule .="pass out quick on {$int} {$replyto} all keep state\n"; + $rule .="pass out quick on {$int} {$replyto} all keep state label \"let out anything from firewall host itself\"\n"; else //pass out quick on vr1 all keep state - $rule .="pass out quick on {$int} {$replyto} all keep state\n"; + $rule .="pass out quick on {$int} {$replyto} all keep state label \"let out anything from firewall host itself\"\n"; } } |
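Review bot: In the hunk at `@@ -1200,10 +1198,12 @@` the old rule is kept inside the heredoc as a commented-out line, so the generated ruleset still carries a rule-shaped comment, and the heading `# let out anything from the firewall host itself and decrypted IPsec traffic` no longer sits above the rules it describes. I would delete the commented rule and document the new call instead, e.g. `/* pass-out rules for firewall-originated traffic; they are 'quick', so an earlier quick rule that matches wins */`. The replacement also differs in scope: the removed line applied to `$wanif` only with no extra options, while the lines visible in the last hunk emit a rule per `{$int}` with `{$replyto}`, so it is worth confirming against a generated ruleset that decrypted IPsec traffic is still let out as the heading says. filter_rules_generate() begins and ends outside this hunk.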
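Review bot: In the hunk at `@@ -1709,9 +1709,9 @@` both branches of `if($config['interfaces'][$ifname]['ipaddr'] != "")` append the identical string, so the conditional decides nothing and the label had to be added in two places; the brace-less `else` followed by a `//` comment line also makes it easy to attach the wrong statement in a later edit. A single unconditional `$rule .= "pass out quick on {$int} {$replyto} all keep state label \"let out anything from firewall host itself\"\n";` expresses the same behaviour, with the XXX comment kept beside it until the pppoe case really differs. Because every interface gets the same label text, per-label counters and log attribution cannot tell the interfaces apart; including the interface, e.g. `label \"let out anything from firewall host itself ({$int})\"`, would fix that. The function body starts and ends outside the hunk, so how `$int` and `$replyto` are built is not visible here.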