diff options
| author | Ermal Luçi <eri@pfsense.org> | 2010-01-28 01:28:16 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2010-01-28 01:28:16 +0000 |
| commit | aa2d507086dd76a2ce57426296d212c714d45d67 (patch) | |
| tree | 32a4736bf99fc0f3dce81e64d14b36bc33198551 /etc/inc/filter.inc | |
| parent | 08ef3d78704ecfa6319ace4c94293e351fe8049a (diff) | |
| download | pfsense-aa2d507086dd76a2ce57426296d212c714d45d67.zip pfsense-aa2d507086dd76a2ce57426296d212c714d45d67.tar.gz | |
Move on to sloppy states. It should give speed improvement.
Diffstat (limited to 'etc/inc/filter.inc')
| -rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 5f5cc90..8456fa4 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1687,8 +1687,8 @@ function filter_rules_generate() { if (count($cpiplist) > 0 && count($cpiflist) > 0) { $cpinterface = implode(" ", $cpiflist); $cpaddresses = implode(" ", $cpiplist); - $ipfrules .= "pass in quick on {$cpinterface} proto tcp from any to {$cpaddresses} port { 8000 8001 } no state\n"; - $ipfrules .= "pass out quick on {$cpinterface} proto tcp from {$cpaddresses} port { 8000 8001 } to any no state\n"; + $ipfrules .= "pass in quick on {$cpinterface} proto tcp from any to {$cpaddresses} port { 8000 8001 } keep state(sloppy)\n"; + $ipfrules .= "pass out quick on {$cpinterface} proto tcp from {$cpaddresses} port { 8000 8001 } to any keep state(sloppy)\n"; } } /* relayd */ @@ -1894,10 +1894,10 @@ EOD; } if($sa) { $ipfrules .= <<<EOD -pass in quick on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} no state label "pass traffic between statically routed subnets" -pass in quick on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} no state label "pass traffic between statically routed subnets" -pass out quick on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} no state label "pass traffic between statically routed subnets" -pass out quick on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} no state label "pass traffic between statically routed subnets" +pass in quick on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} keep state(sloppy) label "pass traffic between statically routed subnets" +pass in quick on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} keep state(sloppy) label "pass traffic between statically routed subnets" +pass out quick on \${$oc['descr']} from {$sa}/{$sn} to {$route['network']} keep state(sloppy) label "pass traffic between statically routed subnets" +pass out quick on \${$oc['descr']} from {$route['network']} to {$sa}/{$sn} keep state(sloppy) label "pass traffic between statically routed subnets" EOD; } |
