diff options
author | Ermal <eri@pfsense.org> | 2010-12-20 19:38:02 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2010-12-20 19:38:02 +0000 |
commit | 4cc233748fa7e79ac743364404152b7685c81288 (patch) | |
tree | 97da6913df6678936372c1f1550182807bac09d2 /etc/inc/filter.inc | |
parent | 3d04de612edaab4a8ec8d9756a2f6b9129106872 (diff) | |
download | pfsense-4cc233748fa7e79ac743364404152b7685c81288.zip pfsense-4cc233748fa7e79ac743364404152b7685c81288.tar.gz |
Well now that CP has the proper conditions and fastforwarding is disabled by default its needed to untighten a bit the rule of CP with direction out on pf(4).
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 9e13ccf..b07d992 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1998,7 +1998,7 @@ function filter_rules_generate() { $cpinterface = implode(" ", $cpiflist); $cpaddresses = implode(" ", $cpiplist); $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n"; - $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from { {$cpaddresses} } port { 8000 8001 } to any keep state(sloppy)\n"; + $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from any port { 8000 8001 80 } to any flags any keep state(sloppy)\n"; } } /* relayd */ |