go back to scrub rather than "scrub in", the latter breaks MSS clamping for egress traffic the way we use it.

1 files changed, 3 insertions, 3 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index dc7ba96..e497341 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -427,7 +427,7 @@ function filter_generate_scrubing() {
 		if (!empty($config['system']['maxmss']))
 			$maxmss = $config['system']['maxmss'];
 
-		$scrubrules .= "scrub in from any to <vpn_networks> max-mss {$maxmss}\n";
+		$scrubrules .= "scrub from any to <vpn_networks> max-mss {$maxmss}\n";
 	}
 	/* disable scrub option */
 	foreach ($FilterIflist as $scrubif => $scrubcfg) {
@@ -449,9 +449,9 @@ function filter_generate_scrubing() {
 		else
 			$scrubrnid = "";
 		if(!isset($config['system']['disablescrub']))
-			$scrubrules .= "scrub in on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions
+			$scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions
 		else if(!empty($mssclamp))
-			$scrubrules .= "scrub in on \${$scrubcfg['descr']} {$mssclamp}\n";
+			$scrubrules .= "scrub on \${$scrubcfg['descr']} {$mssclamp}\n";
 	}
 	return $scrubrules;
 }