diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-04-30 21:04:11 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-04-30 21:04:11 +0000 |
commit | 4303fbff5e9e36e5c140a97ca9af1751b647c0b5 (patch) | |
tree | dd708893196c997c7be2aac8331aabaf3bc28133 /etc/inc/filter.inc | |
parent | 27ecd06e76009db9d59de586202c0b56917d2fe7 (diff) | |
download | pfsense-4303fbff5e9e36e5c140a97ca9af1751b647c0b5.zip pfsense-4303fbff5e9e36e5c140a97ca9af1751b647c0b5.tar.gz |
* add comments about scheduler logic
* correct one case where the logic was not correct
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d953e58..50d0572 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2050,9 +2050,11 @@ function generate_user_filter_rule($rule, $ngcounter) { if($g['debug']) log_error("[TDR DEBUG] status true -- rule type '$type'"); if($type == "block") { + // active deny rules should deny $ipfw_rule = tdr_create_ipfw_rule($rule, "deny"); tdr_install_rule($ipfw_rule); } else { + // active allow rules should allow $ipfw_rule = tdr_create_ipfw_rule($rule, "allow"); tdr_install_rule($ipfw_rule); } @@ -2062,20 +2064,23 @@ function generate_user_filter_rule($rule, $ngcounter) { * active else allow traffic until active */ if($type == "pass") { + // inactive pass rules should deny $ipfw_rule = tdr_create_ipfw_rule($rule, "deny"); tdr_install_rule($ipfw_rule); } else { - $ipfw_rule = tdr_create_ipfw_rule($rule, "allow"); + // inactive block rules should skipto + $ipfw_rule = tdr_create_ipfw_rule($rule, "skipto"); tdr_install_rule($ipfw_rule); } return "# $line"; } } else { if($schedule_enabled) { - $ipfw_rule = tdr_create_ipfw_rule($rule, "noschedallow"); + // no schedule allow rules should simply allow + $ipfw_rule = tdr_create_ipfw_rule($rule, "allow"); tdr_install_rule($ipfw_rule); - } - return $line; + } + return $line; } } |