diff options
| author | Ermal <eri@pfsense.org> | 2011-05-02 20:41:05 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2011-05-02 20:57:50 +0000 |
| commit | 2dc14ea286c1cd7091bef34e4bdb932fcc98a803 (patch) | |
| tree | 29132ed9fe89c90dc8a892e415e27b28bc2bcd45 /etc/inc/filter.inc | |
| parent | b01adece6e555164cc2b22cbcdc299e9d5be971a (diff) | |
| download | pfsense-2dc14ea286c1cd7091bef34e4bdb932fcc98a803.zip pfsense-2dc14ea286c1cd7091bef34e4bdb932fcc98a803.tar.gz | |
Now that layer7 daemon issues are resolved bring back this optimization.
Revert "Do not write ont rules anymore max-packets. This apparently was done by me in a previous commit, it helps with Ticket #636."
This reverts commit c8703797e5c24e6619ad14819fc62b3cb8a6ae3d.
Diffstat (limited to 'etc/inc/filter.inc')
| -rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 8fdf752..7e5e876 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1886,7 +1886,7 @@ function filter_generate_user_rule($rule) { } else $aline['flags'] .= "keep state "; - if($noadvoptions == false) + if($noadvoptions == false || $l7_present) if( (isset($rule['source-track']) and $rule['source-track'] <> "") or (isset($rule['max']) and $rule['max'] <> "") or (isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "") or @@ -1895,7 +1895,7 @@ function filter_generate_user_rule($rule) { (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "") or (isset($rule['max-src-states']) and $rule['max-src-states'] <> "") or (isset($rule['statetimeout']) and $rule['statetimeout'] <> "") or - isset($rule['sloppy'])) { + isset($rule['sloppy']) or $l7_present) { $aline['flags'] .= "( "; if (isset($rule['sloppy'])) $aline['flags'] .= "sloppy "; |
