diff options
| author | Ermal <eri@pfsense.org> | 2010-04-22 11:23:04 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2010-04-22 11:23:04 +0000 |
| commit | 5de7d56f66ead10774f250f9cedbbbb0ac5cf9bf (patch) | |
| tree | f9818bc487ecbce814baffedbdd08d0edc2c9fa0 /etc/inc/filter.inc | |
| parent | c7de8be425e6061bedd63bfc2294d990ff576bc2 (diff) | |
| download | pfsense-5de7d56f66ead10774f250f9cedbbbb0ac5cf9bf.zip pfsense-5de7d56f66ead10774f250f9cedbbbb0ac5cf9bf.tar.gz | |
Ticket #528. Do not route-to for local connected subnets.
Diffstat (limited to 'etc/inc/filter.inc')
| -rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e8a7631..87f498b 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1897,7 +1897,7 @@ EOD; continue; $gw = get_interface_gateway($ifdescr); if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip'])) - $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to any keep state allow-opts label \"let out anything from firewall host itself\"\n"; + $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n"; } @@ -2472,4 +2472,4 @@ function discover_pkg_rules($ruletype) { return $rules; } -?>
\ No newline at end of file +?> |
