diff options
| author | sullrich <sullrich@pfsense.org> | 2009-11-29 18:46:19 -0500 |
|---|---|---|
| committer | sullrich <sullrich@pfsense.org> | 2009-11-29 18:46:19 -0500 |
| commit | e910d203cfa021a794f922fec7fbed847a40ddd6 (patch) | |
| tree | a6a19f7fbaafafd715c0062cb5f3bc77af608b2a | |
| parent | c1fdf37f58b264d7ce7ff685e4c7cbc53e8dfd3b (diff) | |
| download | pfsense-e910d203cfa021a794f922fec7fbed847a40ddd6.zip pfsense-e910d203cfa021a794f922fec7fbed847a40ddd6.tar.gz | |
Lock out SSH going to LANIPS. Use correct SSH port if custom port is defined.
| -rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index a9e66f1..306367c 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1693,8 +1693,13 @@ EOD; $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port "; $ipfrules .= $config['system']['ssh']['port']; $ipfrules .= " label \"sshlockout\"\n"; - } else - $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n"; + } else { + if($config['system']['ssh']['port'] <> "") + $sshport = $config['system']['ssh']['port']; + else + $sshport = 22; + $ipfrules .= "block in log quick proto tcp from <sshlockout> to \$LANIPS port {$sshport} label \"sshlockout\"\n"; + } /* * Support for allow limiting of TCP connections by establishment rate |
