diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2008-11-12 01:20:19 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2008-11-12 01:20:19 +0000 |
| commit | 4eb3d658adf6dbfa492d23ffb87ed6e8f49a0f9a (patch) | |
| tree | c223377181a90f25943caec3d6df878d810b8d65 | |
| parent | 4697490537d1588b504b8ee75a7fbbd123ed0a86 (diff) | |
| download | pfsense-4eb3d658adf6dbfa492d23ffb87ed6e8f49a0f9a.zip pfsense-4eb3d658adf6dbfa492d23ffb87ed6e8f49a0f9a.tar.gz | |
As of pf 4.1 keep state is used automatically. Do not keep state
between statically routed subnets.
| -rw-r--r-- | etc/inc/filter.inc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index c1ec1d8..63f9152 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2242,10 +2242,10 @@ EOD; } if ($sa) { $ipfrules .= <<<EOD -pass in on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} label "pass traffic between statically routed subnets" -pass in on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} label "pass traffic between statically routed subnets" -pass out on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} label "pass traffic between statically routed subnets" -pass out on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} label "pass traffic between statically routed subnets" +pass in on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} no state label "pass traffic between statically routed subnets" +pass in on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} no state label "pass traffic between statically routed subnets" +pass out on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} no state label "pass traffic between statically routed subnets" +pass out on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} no state label "pass traffic between statically routed subnets" EOD; } @@ -2945,4 +2945,4 @@ function return_vpn_subnet($adr) } -?> +?>
\ No newline at end of file |
